Advanced: ModSecurity

Use Security > Advanced > ModSecurity to enable an additional layer of protection against future security vulnerabilities. ModSecurity is an open source web application firewall (www.modsecurity.org). If certain types of public security vulnerabilities impact Ivanti EPMM in the future, Ivanti EPMM can notify customers to enable ModSecurity. In these cases, Ivanti EPMM will provide a URL of a rules file hosted by Ivanti. The file contains ModSecurity rules that protect Ivanti EPMM from security vulnerabilities, so you can protect your Ivanti EPMM without upgrading to a new Ivanti EPMM release.

Do not enable ModSecurity unless Ivanti notifies you to do so.

Enabling ModSecurity

If a future public security vulnerability impacts Ivanti EPMM, Ivanti will contact you to do the following:

Procedure 

  1. Log into System Manager.
  2. Go to Security > Advanced > ModSecurity.
  3. Go to the ModSecurity Configuration options.
  4. Set Status to Enabled.
  5. Set Remote Rule Server URL to the URL that Ivanti provided to you.
  6. Set Audit Logging to Enabled.

    Enabling audit logging means any activity relating to the security vulnerability is logged.

  7. Click Apply > OK.

Configuring Detection Only mode

Sometimes Ivanti will direct you to configure ModSecurity to detect a specific type of attack on Ivanti EPMM without performing any action to block it.

Procedure 

  1. Log into System Manager.
  2. Go to Security > Advanced > ModSecurity.
  3. Go to the ModSecurity Configuration options.
  4. Set Status to Detection Only.
  5. Set Remote Rule Server URL to the URL that Ivanti provided to you.
  6. Set Audit Logging to Enabled.

    Enabling audit logging means any activity relating to the security vulnerability is logged.

  7. Click Apply > OK.

Viewing ModSecurity logs

When you have enabled ModSecurity, or configured it in Detection Only mode, Ivanti EPMM logs related information.

Procedure 

  1. Log into System Manager.
  2. Go to Security > Troubleshooting > Logs.
  3. Go to the Export Logs section.
  4. Select Show Tech.
  5. Go to Type and select Download.
  6. Click Download.

The log files containing ModSecurity information are:

  • modsec_audit.log if you enabled ModSecurity
  • error_log.log if you configured ModSecurity in Detection Only mode
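
For triaging a downloaded modsec_audit.log, the following added example (not part of Ivanti's documentation) parses ModSecurity's native serial audit log format and reports, per transaction, the client IP, request line, matched rule IDs and whether the request was intercepted. It assumes the file uses that native format; the function names, sample entries, addresses and rule ID 900001 are constructed for illustration.

```python
import re
BOUNDARY = re.compile(r"^--([0-9A-Za-z]+)-([A-Z])--$")
RULE_ID = re.compile(r'\[id "(\d+)"\]')

def parse_audit_log(text):
    """Split a serial-format audit log into transactions ({section letter: lines})."""
    transactions, current, section = [], None, None
    for line in map(str.strip, text.splitlines()):
        m = BOUNDARY.match(line)
        if m:
            if m.group(2) == "A":      # section A opens a new transaction
                transactions.append(current := {})
            elif m.group(2) == "Z":    # section Z closes it
                current = None
            section = current.setdefault(m.group(2), []) if current is not None else None
        elif section is not None and line:
            section.append(line)
    return transactions

def summarize(transactions):
    """Yield per transaction: client IP, request line, matched rule IDs, intercepted?"""
    for tx in transactions:
        header = (tx.get("A") or [""])[0].split()  # [time tz] id client port server port
        trailer = tx.get("H", [])
        yield {
            "client": header[3] if len(header) >= 7 else "?",
            "request": (tx.get("B") or ["?"])[0],  # "?" when section B was not logged
            "rules": [r for l in trailer if l.startswith("Message:") for r in RULE_ID.findall(l)],
            "blocked": any(l.startswith("Action: Intercepted") for l in trailer),
        }

# Constructed sample: one intercepted request, one that only raised a warning.
SAMPLE = """\
--aa11bb22-A--
[01/Jan/2024:10:00:00 +0000] CONSTRUCTED0001 203.0.113.7 51514 192.0.2.10 443
--aa11bb22-B--
GET /constructed/path?x=1 HTTP/1.1
--aa11bb22-H--
Message: Access denied with code 403 (phase 1). [id "900001"] [msg "constructed rule"]
Action: Intercepted (phase 1)
--aa11bb22-Z--
--cc33dd44-A--
[01/Jan/2024:10:05:00 +0000] CONSTRUCTED0002 198.51.100.9 40022 192.0.2.10 443
--cc33dd44-H--
Message: Warning. Pattern match at REQUEST_URI. [id "900001"] [msg "constructed rule"]
--cc33dd44-Z--
"""
if __name__ == "__main__":
    print(*summarize(parse_audit_log(SAMPLE)), sep="\n")
```

Rows with rule IDs but `blocked` set to False are matches that were logged without being stopped, which is the set to review before relying on the rules for protection.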