Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status


mod_security (13) Versions 0.2.5

Installs and configures mod_security for Apache2 or IIS

cookbook 'mod_security', '= 0.2.5', :supermarket
cookbook 'mod_security', '= 0.2.5'
knife supermarket install mod_security
knife supermarket download mod_security
Quality 0%


Ever wanted a little guardian angel to protect your chef deployed
servers from the bad guys? Like a bad-ass Jiminy Cricket on your

This package is to make deployment and testing of mod_security easier
with Chef. Right now it centers entirely around the OWASP Core Rule
Sets of mod_security rules. In future, it will allow you to manage/deploy
custom rule/rulesets of your own.

There are 2 main use cases right now:

Install on a real production server

  • Adjust the attributes to your liking and install the default recipe.

Find out what ModSecurity could do for your site in less than 15-minutes.

  • Setup a base chef recipe for a server.
  • Set it to install the default recipe
  • Create a cookbook to reverse proxy to your real server sorta like this: <pre> mod_secure_proxy "my_site" do server_name "" enable_https true # if you want to proxy https too end </pre>
  • Set your local /etc/hosts (or equiv.) file to have that server's IP look like your site
  • Test to your heart's content.
  • Look at /var/log/modsec.log and see what you could be blocking
  • Change the "DetectOnly" attribute to "On" and test some more



This cookbook depends on apache2 and build-essential or IIS for Windows



  • Windows (tested on 2008R2 and 2012R2)
  • Ubuntu (tested on 12.04 and 13.04)
  • Debian (tested on 6.0.8 and 7.2.0)
  • RedHat (untested)
  • CentOS (tested on 6.5)
  • Fedora (untested)
  • FreeBSD (untested)
  • Amazon Linux (tested on 20160701)

Coming Soon

  • Arch (anything else that apache2 supports)


Major ones will be documented soon. For right now check the
attributes file. A few suggestions

  • Compile from source. I normally prefer not to do this, but some core rules break if you don't
  • crs->bundled determines if the bundled version of the crs should be used or if the core rules are downloaded from the SpiderLabs GitHub releases.
  • Base rules should generally be safe, the other groups much less so. There are some rules with inconsistently named data files that are fixed by this cookbook.
  • custom->rules allows you to install your own custom rules
  • custom->datafiles allows you to install your own data files to be used in pmFromFile directives



This installs base, the OWASP core rule set and your own custom rules, adjust
mod_security.install_base,mod_security.install_crs and mod_security.install_custom
to alter this behavior


Installs mod_security for Apache (!Windows)


Installs mod_security for IIS (Windows)


Install the bundled / chef template managed OWASP CRS


Reads custom->rules and custom->datafiles properties and creates .conf and .data
files based on their contents in mod_security/rules which is included by the default
mod_security.conf file

License and Authors

Author:: Jason Rohwedder
Author:: Frank Breedijk
Author:: Gavin Reynolds
Author:: Matthijs Wijers
Author:: Steven Geerts

Copyright:: 2016, HoneyApps, Inc

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

apache2 >= 0.0.0
build-essential >= 0.0.0
apt >= 0.0.0
yum >= 0.0.0
windows >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.



  • Updated to mod_security 2.7.7 and OWASP CRS 2.2.8
  • Downloading source and CRS tarballs from SpiderLabs GitHub releases
  • Added SHA256 verification of downloaded source and CRS tarballs
  • Downloading tarballs to Chef file cache path instead of under the mod_security dir
  • Added integration testing using test-kitchen across multiple platforms
  • Foodcritic and Rubocop fixes


  • version bump to fix packaging issue


  • add server alias support for mod_secure_proxy definition
  • test and fix data file loading issues in main,srl, and optional rulesets
  • identify experimental rulesets that don't work in our environment yet


  • add RedHat-based distro support


  • upgrade to mod_security 2.6.2
  • flesh out main config options as chef attributes


  • First release

Collaborator Number Metric

0.2.5 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.