Creating ModSecurity WAF Rules


Veracode ModSecurity rules attempt to block vulnerabilities identified by DynamicDS scans. These rules are neither guaranteed nor designed to fix every vulnerability discovered. Veracode recommends a defense-in-depth strategy that may also require code-level remediation.

After uploading these rules to your WAF, verify their effectiveness by performing another DynamicDS scan.

To create ModSecurity rules:
  1. From the DynamicDS scan status page, click WAF Integration.
  2. Enter the ID for the first rule. ModSecurity rules have identification (ID) numbers. The First Rule ID field specifies the ID of the first rule we include in the ModSecurity rules file. The ID value increments with successive issues. It is important to generate rules with identifiers that do not conflict with IDs already in use.
  3. Select the severity of the security rule from the dropdown menu. The default is 4 - Warning.
  4. Click Generate.

    Veracode generates a text file containing the ModSecurity rules that you can upload to your WAF.
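
A pre-check for step 2, as an added example (not Veracode's code): it collects the rule IDs already defined in existing ModSecurity configuration text and tests whether a proposed First Rule ID would collide, assuming one sequential ID per issue. The function names and the sample configuration are constructed for illustration.

```python
import re

# id action inside a rule's action list: id:1234, id:'1234' or id:"1234"
ID_RE = re.compile(r"""\bid\s*:\s*['"]?(\d+)""")
RULE_DIRECTIVES = {"SecRule", "SecAction", "SecRuleScript"}

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf

def ids_in_use(text):
    """Set of rule IDs defined by rule directives in the config text."""
    used = set()
    for line in logical_lines(text):
        parts = line.split(None, 1)
        if parts and parts[0] in RULE_DIRECTIVES:
            used.update(int(n) for n in ID_RE.findall(line))
    return used

def conflicts(used, first_id, count):
    """IDs in first_id .. first_id+count-1 that are already taken."""
    return sorted(used & set(range(first_id, first_id + count)))

def first_free_id(used, first_id, count):
    """Lowest start >= first_id whose block of `count` IDs is unused."""
    start = first_id
    while (clash := conflicts(used, start, count)):
        start = clash[-1] + 1
    return start

# Constructed sample of rules already deployed on the WAF (not real rules).
SAMPLE_CONF = r'''
SecRule REQUEST_URI "@contains /admin" "id:100000,phase:1,deny,status:403"
SecRule ARGS:q "@rx <script" \
    "phase:2,id:'100002',t:none,deny"
SecAction "id:100003,phase:1,pass,nolog"
# SecRule ARGS "@rx x" "id:100010,phase:2,deny"
'''
```

Pass `ids_in_use` the concatenated text of every rules file the WAF loads, and set `count` to the number of issues in the scan; for the sample above, a First Rule ID of 100000 with five issues collides and 100004 is the first safe start.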