Given the high number of attacks that some of my customers suffer constantly, I decided to integrate ModSecurity into Zimbra. As most of these customers use a reverse proxy, I integrated ModSecurity into nginx. The task was easier than expected, thanks to the clean structure that both Zimbra and ModSecurity have. These are the steps:
1.- Integrate ModSecurity into nginx in the 8.0.7 OS branch of the ThirdParty software
2.- Install ModSecurity Core Rule Set and tune the rules for Zimbra use
For the first step I took the patched ModSecurity sources from the Fedora 20 RPM sources (mod_security-2.7.5-3.fc20.src.rpm). For the second step I took the Fedora 20 sources (mod_security_crs-2.2.8-2.fc20.src.rpm). The core rules are just config files, so there is no need to compile them. I tested all this on CentOS 6.5, but it can easily be converted to a Debian environment.
The most serious security bugs we have suffered in the last 2 years would have been blocked by ModSecurity with its CRS rules. It would be nice if this could be included as an extra feature inside 9.x.
The purpose of this post is to tempt others to test what I did, and get some counsel about how to proceed to propose this work to upstream Zimbra.
The attached tar file contains all the sources and a README with the installation procedure.
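A configuration sketch of what the two steps produce on the proxy, added here as an illustration and not taken from the attached tarball: the ModSecurity 2.7.x nginx module enabled on a Zimbra proxy location, the CRS 2.2.x base rules included, and a separate Zimbra exclusion file for the tuning step. Everything below the nginx block is ModSecurity configuration, shown in the same fence for brevity. Assumed, not from the post: the file paths under /opt/zimbra/conf/modsecurity, the upstream name zimbra_upstream, the location prefix, and which CRS rules (981173 and 960015 are used as examples) Zimbra's SOAP and ActiveSync clients actually trip; confirm those from your own audit log before excluding anything. Zimbra regenerates its nginx config from the templates in /opt/zimbra/conf/nginx/templates, so in a real deployment the location directives belong in the template rather than in the generated file.

```nginx
# --- nginx side: a location in the Zimbra web-proxy config (illustrative) ---
# ModSecurityEnabled and ModSecurityConfig are the two directives of the
# ModSecurity 2.7.x nginx module; the WAF configuration itself lives in the
# file named here.
location ^~ /service/ {
    ModSecurityEnabled on;
    ModSecurityConfig  /opt/zimbra/conf/modsecurity/modsecurity.conf;   # assumed path
    proxy_pass         http://zimbra_upstream;                           # assumed upstream name
}

# --- /opt/zimbra/conf/modsecurity/modsecurity.conf (assumed path) ---
# Start in DetectionOnly: nothing is blocked, every match is logged, and the
# audit log drives the tuning. Switch to On only after the false positives
# have been handled in the exclusion file below.
SecRuleEngine DetectionOnly

# Mail composition and attachment uploads travel in the request body, so body
# inspection must be on and the limit must not be below what Zimbra itself
# accepts (zimbraFileUploadMaxSize, 10 MiB by default).
SecRequestBodyAccess On
SecRequestBodyLimit 10485760
SecRequestBodyNoFilesLimit 1048576

# Log only transactions that matched a rule or ended in an error status.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogType Serial
SecAuditLog /opt/zimbra/log/modsec_audit.log       # assumed path

# CRS 2.2.x: the setup file first, then the base rules, then the local
# exclusions, which must come last so their ctl: actions refer to rules that
# are already loaded. If this build's Include does not expand the wildcard,
# list the base_rules files one per Include line instead.
Include /opt/zimbra/conf/modsecurity/crs/modsecurity_crs_10_setup.conf
Include /opt/zimbra/conf/modsecurity/crs/base_rules/*.conf
Include /opt/zimbra/conf/modsecurity/zimbra_exclusions.conf

# --- /opt/zimbra/conf/modsecurity/zimbra_exclusions.conf (assumed path) ---
# Tuning for Zimbra. Each exclusion is scoped to a URI prefix with a ctl:
# action instead of being removed globally with SecRuleRemoveById, so the
# rule keeps protecting every other path on the proxy.
#
# SOAP bodies carry user-written mail text, which routinely contains the
# quotes and comment markers that rule 981173 (restricted SQL characters)
# counts. Example rule id: replace it with what your own audit log shows.
SecRule REQUEST_URI "@beginsWith /service/soap" \
    "phase:1,id:10001,t:none,nolog,pass,ctl:ruleRemoveById=981173"

# Mobile sync clients often send no Accept header and trip rule 960015
# (request missing an Accept header); the path is Zimbra's ActiveSync endpoint.
SecRule REQUEST_URI "@beginsWith /Microsoft-Server-ActiveSync" \
    "phase:1,id:10002,t:none,nolog,pass,ctl:ruleRemoveById=960015"
```

The ids 10001 and 10002 sit in the range ModSecurity reserves for local rules. The working cycle is: run in DetectionOnly for a few days of real traffic, read the audit log for recurring matches on legitimate Zimbra requests, add a scoped exclusion for each confirmed false positive, then set SecRuleEngine to On; a global SecRuleRemoveById is the last resort, since it also drops the rule for the paths that were the reason for installing the WAF.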