£1,680 – £1,920

ModSecurity Masterclass London - November 2019

Event Information

Share this event

Date and Time



Impact Hub King's Cross

34b York Way

Kings Cross


N1 9AB

United Kingdom

View Map

Event description


ModSecurity Masterclass

The Key to ModSecurity and the OWASP ModSecurity Core Rules with Christian Folini

This two-day course will help you set up an Apache webserver and install ModSecurity together with a tight ruleset. We will configure the server and talk about every single detail of the configuration to give you an expert understanding of how your server works and behaves.

The course is taught in small classes.

Why this course is for you

  • Don't spend ages trying to figure out ModSecurity yourself — learn all the tricks with this practical course from a top ModSecurity expert
  • Everything from how to install ModSecurity to how to take security of your applications to a new level
  • Gain insight into ModSecurity blacklisting and whitelisting
  • Learn how to set up the OWASP ModSecurity Core Rules
  • Learn how to extract the information from the server and analyse it without ever leaving the shell

Target Audience

This course is for experienced Apache system administrators who want to boost their security and for maintainers of ModSecurity enabled services who want expert insight into the effective configuration and tuning.

Level: Intermediate / Advanced
Duration: 2 days
Extras: Lunch and refreshments included

We'll also give you a copy of ModSecurity Handbook, Second Edition, by Christian Folini and Ivan Ristić.


  • Basic understanding of HTTP and Apache
  • Comfortable working in the shell
  • A physical or virtual machine with Ubuntu installed (versions: 16.04 LTS, 18.04 LTS, 18.10 and 19.04)

The teaching material will include all examples from the class and enable you to replay the full course at home.

Meet the Trainer

Dr. Christian Folini is a partner at netnea AG in Berne, Switzerland. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no big business anymore and Christian turned to defending web servers which he thinks equally challenging. With his background in humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years' experience in this role, specialising in Apache / ModSecurity configuration, DDoS defense and threat modeling.

Christian is a frequent committer to the OWASP ModSecurity Core Rule Set, vice president of Swiss Cyber Experts (a public private partnership), program chair of the Swiss Cyberstorm conference and many other things.

Course Outline

1. Setting up Apache
a. Compiling apache yourself
b. Minimalistic Apache configuration
c. Walk through the configuration
d. Extending the logfiles
i. IO and performance data
ii. GeoIP information
iii. TLS protocol and cipher
iv. ModSecurity infos
e. Data extracting done fast
f. Basic statistics on the data

2. Setting up ModSecurity
a. Compiling ModSecurity yourself
b. ModSecurity base configuration
i. Rule Engine
ii. Audit Engine
iii. Request limits

3. First Steps with ModSecurity
a. First rules
b. Full transaction log

4. ModSecurity Blacklisting (negative security model)

5. ModSecurity Whitelisting (positive security model)

6. Enabling the Core Rules
a. Introduction to the Core Rules scoring concept
b. A slightly different approach to their base config
c. Testing core rules in action (includes attack scanner)

7. Tuning the Core Rules
a. Identify false positives
b. Tune away the false positives
c. Calculated approach to setting the scoring limits

8. LogFile visualisation
a. Histograms of traffic data
b. Bell curve distributions in the shell

9. Reverse Proxy setup
a. Setting a standard Reverse Proxy
b. Introduction to some ModRewrite Voodoo
c. Apache Proxy Balancer
d. Combining ModRewrite and Proxy Balancer

10. Effective debugging
a. The 4-shell setup
i. Config window
ii. Controlling Apache
iii. HTTP requests with curl
iv. Logfile monitor
b. Customizing the setup for your environment

11. Open discussion
Bring your ideas and problems to the course and we will discuss them together.


"Christian's training materials, scripts and strategies for tuning, and review of our server config have been invaluable. I'm now pleased to say, based on the skills developed through the Christian's course / consultancy I have managed to get an *effective* mod-security implementation."
Paul Beckett, University of East Anglia

"Christian's explanations are huge! That's impossible to beat."
Toni Tauro, Swiss Post

"Very easy to understand + interesting real life use-cases."
Kirsty Lewis, UK Fast

Terms and Conditions

Feisty Duck's Terms and Conditions and Privacy Policy apply to this training.


Where can I contact the organiser with any questions?
Contact us at training@feistyduck.com with any questions about the event.

What is the refund policy?
Any cancellation by you must be made by emailing training@feistyduck.com.

You may cancel or reschedule a course subject to the following charges:

  • Cancellation or reschedule with more than 60 days’ notice prior to course start date – no charge
  • Cancellation or reschedule with 31-60 days’ notice prior to course start date - 50% of the course fee
  • Cancellation or reschedule with less than 30 days’ notice prior to course start date - 100% of the course fee

Other dates?
Can't make this date? Tickets sold out? Email training@feistyduck.com to be notified about the future dates.

Share with friends

Date and Time


Impact Hub King's Cross

34b York Way

Kings Cross


N1 9AB

United Kingdom

View Map

Save This Event

Event Saved