https://www.modsecurity.org/
https://www.modsecurity.org/download.html
https://github.com/SpiderLabs/ModSecurity
https://github.com/SpiderLabs/ModSecurity/wiki
https://modsecurity.org/crs/
https://github.com/SpiderLabs/owasp-modsecurity-crs
https://coreruleset.org/installation/
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
http://f2ex.cn/nginx-installed-configuration-modsecurity-waf/
https://www.netnea.com/cms/nginx-tutorial-6_embedding-modsecurity/
echo "deb http://etc.inittab.org/~agi/debian/libapache-mod-security2/ etch/" >> /etc/apt/sources.list
apt-get update
apt-get install libxml2 libxml2-dev libxml2-utils
apt-get install libaprutil1 libaprutil1-dev
apt-get install libapache2-mod-security2
service apache2 reload
apt-get update -y # 更新软件信息数据库
apt-get dist-upgrade -y # 这一步安装所有可用更新,包括新内核
apt-get upgrade -y # 进行系统升级
apt autoremove
apt clean
cd /etc/modsecurity/
mv modsecurity.conf-recommended modsecurity.conf
sed -i "s/SecRuleEngine DetectionOnly/SecRuleEngine On/" /etc/modsecurity/modsecurity.conf
sed -i "s/SecResponseBodyAccess On/SecResponseBodyAccess Off/" /etc/modsecurity/modsecurity.conf
#启用modsecurity模块
a2enmod headers
a2enmod security2
service apache2 restart
tail /var/log/apache2/modsec_audit.log # 查看modsecurity日志文件看具体的拦截情况
http://www.htmltoo.com/
