Modsecurity and ZoneMinder

[Pedulla]

Looking for a 'how-to' configure/use modsecurity and ZM.

The Core Rules, when turned on, results in Access Forbidden... of all ZM pages.

Here on modsecurity.org they list a series of applications that appear to have been pre-configured.
https://www.modsecurity.org/application_coverage.html

Searches through the modsecurity wiki/mail list do not turn up anything and my friend google has not been much help.

I'm running ZM 1.28.1 on Ubuntu Server 14.04.x LTS, with the typical LAMP setup.

Thanks in advance!

[Nerre]

From what I understand you can test changing SecRuleEngine to DetectionOnly to see in the logs what the problem is.

I just tried to install mod_security2 on my newly set up Zoneminder box and it works like a charm even after setting SecRuleEngine to On. I'm running Debian Jessie with ZM 1.28.1, with the www-root pointing straight to ZM.

[Pedulla]

@Nerre,
Are you using a www.name... or direct IP to hit your ZM server?

[Pedulla]

Okay, I've done a little more work on this... I installed the owasp-modsecurity-crs v2.2.9 rule set.
For starters this rule set does not allow you to access ZM with an IP address.
I resolved that by adding ZM to my /etc/hosts file.

Now going through other functionality of ZM I'm met with several other access denials because of one thing or another; for example when configuring a monitor you can't get to the Source tab.

So rather than disabling all the rules that break ZM, is anyone aware of a ModSecurity rule set for ZM?
-or-
Do I simply use the very base functionality in ModSecurity with no rules; is that even worth it?

[Nerre]

Even with no rule sets modsecurity takes care of some issues.