We have a set of modsec rules that are
- included at the end of the modsec configuration
- Rules will lift/override some default OWASP rules to enable our client to use the website admin and WP admin/cron jobs
- Also has our own blockers of bots/scrapers we do NOT want to allow.
Now that we are running multiple apache/PHP servers, it would be nice to be able to set this once on the master server, and have it propagate across different servers under the cluster.
As it stands, we modify the custom file located at /etc/modsecurity.d/my-[custom-rules].conf
Then, the master modsec rule (accessible via Enhance UI) has a line at the end:
Include /etc/modsecurity.d/my-[custom-rules].conf
Then we trigger a restart of apache2:
$ systemctl reload apache2
If we can do this ONCE on the master server, and have it spread to the other apache servers, it would be a massive time saver (and kill human error odds).
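
One way to script the manual steps above until the panel propagates the file itself. This is an added example, not part of the original post and not Enhance functionality. It assumes key-based SSH as root from the master, `apache2ctl` on every node, and node names supplied as arguments.

```shell
#!/bin/sh
# Added example, not from the original post: roll the custom rules file out
# from the master to each Apache node, reloading only where the config validates.
# Assumptions: key-based SSH as root, apache2ctl on every node, and node names
# (hypothetical) given as arguments.

RULES="${RULES:-/etc/modsecurity.d/my-[custom-rules].conf}"  # the post's placeholder path
REMOTE_SH="${REMOTE_SH:-ssh}"  # transport; overridable for a dry run

# Script executed on a node: back up the live file, swap in the new one,
# syntax-check the whole Apache config, and roll back instead of reloading
# if the check fails.
remote_script() {
    cat <<EOF
set -e
[ -f '$1' ] || : > '$1'
cp -p '$1' '$1.bak'
mv '$1.new' '$1'
if apache2ctl configtest; then
    systemctl reload apache2
else
    mv '$1.bak' '$1'
    exit 1
fi
EOF
}

# deploy_node HOST: returns 0 only if HOST reloaded with the new rules.
deploy_node() {
    $REMOTE_SH "$1" "cat > '$RULES.new'" < "$RULES" &&
    $REMOTE_SH "$1" "$(remote_script "$RULES")" < /dev/null
}

# deploy_all HOST...: reports each node and returns the number that failed.
deploy_all() {
    failed=0
    for node in "$@"; do
        if deploy_node "$node"; then
            echo "ok      $node"
        else
            echo "FAILED  $node (previous rules kept)"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

if [ "$#" -gt 0 ]; then
    deploy_all "$@"
fi
```

A node whose config check fails keeps serving with its previous rules, so a bad rule edit does not take down every server at once.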