aschild
(André Schild)
1
Hello all,
we are trying to increase application security for our Vaadin Flow applications by enabling the mod_security2 module on the frontend Apache server.
Once the module is activated, the Flow application does not work consistently, due to some filtering done by mod_security2.
Has anyone already done the analysis of such a setup, and what needs to be tweaked in mod_security to get it working correctly?
Or perhaps you have experience with other web application firewalls in front of Vaadin applications?
André
knoobie
(Christian Knoop)
2
Take a look at your ruleset / violations and check which offence is triggered.
Hint: Take a look at RuleId 920420
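One way to do the check suggested above, as an added example that is not part of the original thread: a small Python tally of which detection rules fire per URI in the Apache error log, so an exclusion can target the offending rule. The sample log lines are constructed and shortened, and the function names are hypothetical.

```python
import re
from collections import Counter

# In CRS 3.x, 949110 (blocking evaluation) and 980130 (correlation) only report
# the summed anomaly score; the offence itself is logged by a detection rule.
SCORING_RULES = {"949110", "980130"}
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

# Constructed, shortened sample in the shape mod_security2 writes to error.log.
SAMPLE_LOG = r'''
[Tue Mar 05 10:15:02 2024] [security2:error] [pid 1201] [client 192.0.2.10:51234] ModSecurity: Warning. [id "920420"] [msg "Request content type is not allowed by policy"] [severity "CRITICAL"] [hostname "app.example.test"] [uri "/app/"] [unique_id "AAA1"]
[Tue Mar 05 10:15:02 2024] [security2:error] [pid 1201] [client 192.0.2.10:51234] ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [hostname "app.example.test"] [uri "/app/"] [unique_id "AAA1"]
[Tue Mar 05 10:15:07 2024] [security2:error] [pid 1202] [client 192.0.2.10:51240] ModSecurity: Warning. [id "920420"] [msg "Request content type is not allowed by policy"] [severity "CRITICAL"] [hostname "app.example.test"] [uri "/app/"] [unique_id "AAA2"]
[Tue Mar 05 10:15:07 2024] [security2:error] [pid 1202] [client 192.0.2.10:51240] ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [hostname "app.example.test"] [uri "/app/"] [unique_id "AAA2"]
[Tue Mar 05 10:15:09 2024] [core:notice] [pid 1200] AH00094: Command line: '/usr/sbin/apache2'
'''


def parse_line(line):
    """Return the [key "value"] fields of one ModSecurity log line, or None."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    return fields if "id" in fields else None


def triggered_rules(log_text):
    """Count detection-rule hits per (rule id, uri, msg), skipping scoring rules."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields and fields["id"] not in SCORING_RULES:
            key = (fields["id"], fields.get("uri", "?"), fields.get("msg", ""))
            hits[key] += 1
    return hits


def report(log_text):
    """Format the tally, most frequent rule first."""
    return [f"{count:>4}  {rule_id}  {uri}  {msg}"
            for (rule_id, uri, msg), count in triggered_rules(log_text).most_common()]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

To run it against a real log, pass the file's contents to `report()` instead of `SAMPLE_LOG`.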
aschild
(André Schild)
3
Thanks a lot, exactly what I was searching for
aschild
(André Schild)
4
As a followup for others:
I had to add this to the /etc/apache2/mods-enable/security2.conf
# For vaadin flow
SecRuleRemoveById 950109
SecRuleRemoveById 980130
SecRuleRemoveById 949110
knoobie
(Christian Knoop)
5
Out of curiosity… you aren’t up to date, or? This RuleID looks like OWASP 2
aschild
(André Schild)
6
Thanks for the hint.
It’s no longer needed in 4.11.0