Vaadin flow application behind mod_security2 WAPF

Hello all,

we are trying to increase application security for our vaadin flow applications, by enabling the mod_security2 module on the frontend apache server.

Once the module is activated, the flow application does not work consistently, due to some filtering done by mod_security2.

Has anyone already done the analysis of such a setup, and what needs to be tweaked in mod_security to get it working correctly?

Or perhaps you have experience with other web application firewalls in front of vaadin applications?

André

Take a look at your ruleset / violations and check which offence is triggered.

Hint: Take a look at RuleId 920420

Thanks a lot, exactly what I was searching for

As a followup for others:

I had to add this to the /etc/apache2/mods-enable/security2.conf

    # For vaadin flow
    SecRuleRemoveById 950109
    SecRuleRemoveById 980130
    SecRuleRemoveById 949110

Out of curiosity… you aren’t up to date, or? This RuleID looks like owasp 2 :grimacing:

Thanks for the hint.
It’s no longer needed in 4.11.0
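
The advice above to check which rule is actually triggered, as an added example that is not part of the thread: this Python script groups ModSecurity 2 error-log entries by transaction and counts the detection rules behind each blocked request, setting aside 949110 and 980130, which in CRS 3.x only report the accumulated anomaly score. The log lines are constructed samples, and the names `parse_line`, `triage` and `SCORE_RULES` are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the style of ModSecurity 2 entries in the Apache
# error log (trimmed; clients, URIs and unique_ids are made up).
SAMPLE_LOG = '''\
[client 192.0.2.10] ModSecurity: Warning. [id "920420"] [msg "Request content type is not allowed by policy"] [uri "/"] [unique_id "A1"]
[client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/"] [unique_id "A1"]
[client 192.0.2.10] ModSecurity: Warning. [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5)"] [uri "/"] [unique_id "A1"]
[client 192.0.2.11] ModSecurity: Warning. [id "920420"] [msg "Request content type is not allowed by policy"] [uri "/"] [unique_id "A2"]
[client 192.0.2.11] ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/"] [unique_id "A2"]
[client 192.0.2.12] ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [uri "/login"] [unique_id "A3"]
[client 192.0.2.12] AH01630: client denied by server configuration: /var/www/private
'''

# Matches bracketed key/value fields such as [id "920420"] or [uri "/"].
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# Rules that report the anomaly score instead of detecting anything.
SCORE_RULES = {"949110", "980130"}

def parse_line(line):
    """Return the fields of one ModSecurity log line, or None for other lines."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    if "id" not in fields:
        return None
    fields["blocked"] = "Access denied" in line
    return fields

def triage(log_text):
    """Count (rule id, message, uri) for detection rules in blocked transactions."""
    by_txn = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            by_txn[event.get("unique_id", "?")].append(event)
    causes = Counter()
    for events in by_txn.values():
        if not any(e["blocked"] for e in events):
            continue  # warnings that never reached the blocking threshold
        for e in events:
            if e["id"] not in SCORE_RULES:
                causes[(e["id"], e.get("msg", ""), e.get("uri", ""))] += 1
    return causes

if __name__ == "__main__":
    for (rule_id, msg, uri), n in triage(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {rule_id}  {uri}  {msg}")
```

Once the detecting rule is known, an exclusion can target that rule rather than the score-reporting ones.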