Skip to content

Latest commit

 

History

History
81 lines (40 loc) · 2.81 KB

README.md

File metadata and controls

81 lines (40 loc) · 2.81 KB

About

Aegis WAF provides a Nginx reverse-proxy with libmodsecurity (Modsecurity 3.x) with OWASP Modsecurity Core Rule Set (CRS) and Certbot (Let's Encrypt Certificates) support.

Requirements

You must ensure that you allow BOTH incoming TCP/80 and TCP/443 to your Aegis WAF machine.

Installation

Aegis WAF can be easily installed in your existing Ubuntu 18.04 LTS, 20.04 LTS or 22.04 LTS server machine by utilizing the included ubuntu_aegis_waf_install.sh script. The script requires that you have a fully updated Ubuntu server installation.

Quick script install and run instructions

Git clone the Aegis WAF repository:

sudo git clone https://github.com/deeztek/aegis-web-application-firewall.git

This will clone the repository and create a aegis-waf directory in the directory you ran the git clone command from.

Change to the aegis-waf directory:

cd aegis-web-application-firewall/

Run the script as root:

bash ubuntu_aegis_waf_install.sh

The script will install all required components and install Aegis WAF on the /opt/aegis-waf directory

Getting Started

Start creating sites by running the /opt/aegis-waf/scripts/start.sh script

Notes

New sites will be created under /usr/local/nginx/conf/sites-enabled. By default Modsecurity, automatic redirection from HTTP to HTTPS and HSTS are disabled.

Enable Modsecurity by uncommenting the following section in BOTH corresponding HTTP and HTTPS .conf files:

modsecurity on;

modsecurity_rules_file /usr/local/nginx/conf/modsecurity/THE-SITE_modsecurity.conf;

Enable HTTP to HTTPS automatic redirection by uncommenting the following section in the corresponding site HTTP ONLY .conf file:

return 301 https://$host$request_uri;

Enable HSTS by uncommenting the following section in the corresponding site HTTPS ONLY .conf file (Exercise caution before enabling HSTS for your site because it will commit your site to serve HTTPS only content. Ensure the site works as desired before enabling):

add_header Strict-Transport-Security "max-age=31536000; preload";

Documentation

Coming soon...

Support

Support can be obtained by visiting our Aegis WAF Discourse Forums at:

https://community.deeztek.com/c/aegis-waf-support

Updating

If Aegis WAF Git directory does NOT exist, git clone the Aegis WAF repository:

sudo git clone https://github.com/deeztek/aegis-web-application-firewall.git

If Aegis WAF Git directory exists, change to the existing aegis-waf git directory and git pull the Aegis WAF repository:

cd /path/to/aegis-web-application-firewall

sudo git pull https://github.com/deeztek/aegis-web-application-firewall.git

This will clone all the changes to the aegis-web-application-firewall directory.

Run the update script as root:

bash ubuntu_aegis_waf_update.sh