Installing ModSecurity & OWASP Core Rule Set on an Amazon EC2 Linux (CentOS) Instance

NOTE: This post has been updated to include the requirement of mod_unique_id.

As part of some investigations at work I have been playing around with ModSecurity, the open source web application firewall (WAF), and the standard set of rules provided by OWASP. All our infrastructure is hosted with Amazon AWS so I thought that it would be useful to drop down the steps I took to get this working on a bare bones Amazon Linux box.

Install ModSecurity

You can, of course, compile ModSecurity from the sources, but it is easier to install via yum; however, it is part …

Enforced Posting Silence

You may have noticed that there haven’t been many (any) posts for a while. This is due to the following email I received from my existing server host:

Thank you for your years of loyalty. We regret to inform you that VPS Unlimited will be closing permanently on November 17, 2014. All customers must move their data off to another provider before this date. This is a hard deadline. All data will be destroyed on November 18, 2014. There will be no way to access your VPS after this date.

Insert your own expletive here.

Given that I have about eight …

Accessing Amazon RDS Instance from Remote phpMyAdmin

One of the great services offered by the Amazon Web Services (AWS) stack is Amazon Relational Database Service (RDS). This is a properly managed database server that you can run alongside your existing application server instances allowing the load to be spread.

This all works well but management can be a little tedious especially if you have been used to managing your existing MySQL server through phpMyAdmin. However, do not despair as it is possible to manage RDS from phpMyAdmin running on a remote server and this post shows you how.

This article assumes that you already have both RDS and …