Using ModSecurity
ModSecurity is a popular open source web application firewall that can be used in conjunction with the Apache and Nginx web servers. When leona is configured behind a web server that uses ModSecurity, certain configuration changes must be made.
Some distributions (for example RHEL 7.x) ship with older rule sets that do not allow the MIME type application/json to be used in requests. This can be fixed by modifying the variable tx.allowed_request_content_type:
# Allow application/json
SecRule REQUEST_URI "@beginsWith /" \
"id:'000001', \
phase:1, \
t:none, \
setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|application/octet-stream', \
nolog, \
pass"
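To confirm the override took effect in the rule files the server actually loads, the following added example (not part of leona or ModSecurity) extracts the allowed content types from rule text and reports whether application/json is among them. The `OLD_DEFAULT` sample and its rule id are constructed stand-ins for an older default, and the check assumes that a later setvar replaces an earlier one.

```python
import re

# Captures the value of setvar:tx.allowed_request_content_type=..., quoted or not.
SETVAR_RE = re.compile(
    r"setvar:'?tx\.allowed_request_content_type=([^',\"]+)", re.IGNORECASE)

def logical_lines(config_text):
    """Fold backslash-continued lines, then drop blank and comment lines."""
    folded = re.sub(r"\\\r?\n[ \t]*", "", config_text)
    return [l for l in folded.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def allowed_types(config_text):
    """Return the content types set by the last matching setvar, or None.

    Assumption: all rules run in phase 1 in file order, so a later setvar
    replaces an earlier one.
    """
    result = None
    for line in logical_lines(config_text):
        m = SETVAR_RE.search(line)
        if m:
            result = [t.strip().lower() for t in m.group(1).split("|") if t.strip()]
    return result

def json_allowed(config_text):
    types = allowed_types(config_text)
    return types is not None and "application/json" in types

# Constructed stand-in for an older default list without application/json.
OLD_DEFAULT = r"""
SecAction \
  "id:'999000', phase:1, t:none, \
  setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', \
  nolog, pass"
"""

# The override rule shown on this page.
PAGE_RULE = r"""
# Allow application/json
SecRule REQUEST_URI "@beginsWith /" \
  "id:'000001', phase:1, t:none, \
  setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|application/octet-stream', \
  nolog, pass"
"""

if __name__ == "__main__":
    print("default only :", json_allowed(OLD_DEFAULT))
    print("with override:", json_allowed(OLD_DEFAULT + PAGE_RULE))
```

Feed it the concatenated contents of the rule files in the order the web server includes them; a result of `False` after adding the override usually means the override is loaded before the file that sets the default.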