Advanced: ModSecurity

Use Security > Advanced > ModSecurity to enable an additional layer of protection against future security vulnerabilities. ModSecurity is an open source web application firewall  (www.modsecurity.org). If certain types of public security vulnerabilities impact Core in the future, MobileIron can notify customers to enable ModSecurity. In these cases, MobileIron will provide a URL of a rules file hosted by MobileIron. The file contains ModSecurity rules that protect Core from security vulnerabilities and you can protect your Core without upgrading to a new Core release.

Do not enable ModSecurity unless Ivanti notifies you to do so.

This section includes the following topics:

• Enabling ModSecurity
• Configuring Detection Only mode
• Viewing ModSecurity logs

Enabling ModSecurity

If a future public security vulnerability impacts Core, MobileIron will contact you to do the following:

Procedure 

1. Log into System Manager.
2. Go to Security > Advanced > ModSecurity.
3. Go to the ModSecurity Configuration options.
4. Set Status to Enabled.
5. Set Remote Rule Server URL to the URL that MobileIron provided to you.

6. Set Audit Logging to Enabled.

   Enabling audit logging means any activity relating to the security vulnerability is logged.

7. Click Apply > OK.

Configuring Detection Only mode

Sometimes MobileIron will direct you to configure ModSecurity to detect a specific type of attack on Core without performing any action to block it.

Procedure 

1. Log into System Manager.
2. Go to Security > Advanced > ModSecurity.
3. Go to the ModSecurity Configuration options.
4. Set Status to Detection Only.
5. Set Remote Rule Server URL to the URL that MobileIron provided to you.

6. Set Audit Logging to Enabled.

   Enabling audit logging means any activity relating to the security vulnerability is logged.

7. Click Apply > OK.

Viewing ModSecurity logs

When you have enabled ModSecurity, or configured it in detection only mode, Core logs related information.

Procedure 

1. Log into System Manager.
2. Go to Security > Troubleshooting > Logs.
3. Go to the Export Logs section.
4. Select Show Tech.
5. Go to Type and select Download.
6. Click Download.

The log files containing ModSecurity information are:

• modsec_audit.log if you enabled ModSecurity
• error_log.log if you configured ModSecurity in detection only mode