ModSecurity / OWASP CRS

The Key to ModSecurity and the OWASP ModSecurity Core Rules with Christian Folini

This two-day course will help you set up an Apache webserver and install ModSecurity together with a tight ruleset. We will configure the server and talk about every single detail of the configuration to give you an expert understanding of how your server works and behaves.

Please note: Zürich trainings are currently suspended due to the coronavirus crisis. Please contact us for alternatives and future dates.

Contact us if you'd like to attend this course! Future dates will be announced here.

Zürich training in cooperation with netnea AG


Why This Course is for You

  • Don't spend ages trying to figure out ModSecurity yourself — learn all the tricks with this practical course from a top ModSecurity expert
  • Everything from how to install ModSecurity to how to take security of your applications to a new level
  • Gain insight into ModSecurity blacklisting and whitelisting
  • Learn how to set up the OWASP ModSecurity Core Rules
  • Learn how to extract the information from the server and analyse it without ever leaving the shell

Course Outline

  1. Setting up Apache
    1. Compiling apache yourself
    2. Minimalistic Apache configuration
    3. Walk through the configuration
    4. Extending the logfiles
      1. IO and performance data
      2. GeoIP information
      3. TLS protocol and cipher
      4. ModSecurity infos
    5. Data extracting done fast
    6. Basic statistics on the data
  2. Setting up ModSecurity
    1. Compiling ModSecurity yourself
    2. ModSecurity base configuration
      1. Rule Engine
      2. Audit Engine
      3. Request limits
  3. First Steps with ModSecurity
    1. First rules
    2. Full transaction log
  4. ModSecurity Blacklisting (negative security model)
  5. ModSecurity Whitelisting (positive security model)
  6. Enabling the Core Rules
    1. Introduction to the Core Rules scoring concept
    2. A slightly different approach to their base config
    3. Testing core rules in action (includes attack scanner)
  7. Tuning the Core Rules
    1. Identify false positives
    2. Tune away the false positives
    3. Calculated approach to setting the scoring limits
  8. LogFile visualisation
    1. Histograms of traffic data
    2. Bell curve distributions in the shell
  9. Reverse Proxy setup
    1. Setting a standard Reverse Proxy
    2. Introduction to some ModRewrite Voodoo
    3. Apache Proxy Balancer
    4. Combining ModRewrite and Proxy Balancer
  10. Effective debugging
    1. The 4-shell setup
      1. Config window
      2. Controlling Apache
      3. HTTP requests with curl
      4. Logfile monitor
    2. Customizing the setup for your environment
  11. Open discussion
  12. Bring your ideas and problems to the course and we will discuss them together.

Meet the Trainer

Dr. Christian Folini is a partner at netnea AG He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no big business anymore and Christian turned to defending web servers which he thinks equally challenging. With his background in humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years' experience in this role, specialising in Apache / ModSecurity configuration, DDoS defense and threat modeling.

Christian is a frequent committer to the OWASP ModSecurity Core Rule Set, vice president of Swiss Cyber Experts (a public private partnership), program chair of the Swiss Cyberstorm conference and many other things.

Location Zürich: Neuengasse 6
2nd Floor - Swissfilms, CH-8005 Zürich, Switzerland

Level: Intermediate / Advanced

Duration: 2 days

Extras: Lunch and refreshments included

What You Need to Know

Target audience

This course is for experienced Apache system administrators who want to boost their security and for maintainers of ModSecurity enabled services who want expert insight into the effective configuration and tuning.


  • Basic understanding of HTTP and Apache
  • Comfortable working in the shell
  • A physical or virtual machine with Ubuntu installed (versions: 16.04 LTS, 18.04 LTS, 18.10 and 19.04)

The teaching material will include all examples from the class and enable you to replay the full course at home.

Want us to come to you?

This training is also available on-site.