
HOW TO : ModSecurity
seeker2002 05-07-2006, 12:22 PM | Install or Update to version 1.9.3 all same
Hello,
Open Source Web Application Firewall
ModSecurity at work
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Apache 1.x
wget http://www.web4host.net/tools/modsecurity-apache1.sh
chmod 755 modsecurity-apache1.sh
sh modsecurity-apache1.sh
Apache 2.x
wget http://www.web4host.net/tools/modsecurity-apache2.sh
chmod 755 modsecurity-apache2.sh
sh modsecurity-apache2.sh
edit httpd.conf
nano -w /etc/httpd/conf/httpd.conf
Find mod_security, then paste this after it:
<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly
SecFilterEngine On
# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"
# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1
SecServerResponseToken Off
#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"
# Accept almost all byte values
SecFilterForceByteRange 1 255
# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "Power MOD by web4host.net"
#SecUploadDir /tmp
#SecUploadKeepFiles Off
# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log
# Use only one rule set - remove the # to activate it
# V1.0
#Include /etc/modsecurity/mini1.conf
# V2.0
#Include /etc/modsecurity/mini2.conf
# V3.0
#Include /etc/modsecurity/mini3.conf
# V4.0
#Include /etc/modsecurity/mini.conf
# V5.0
#Include /etc/modsecurity/mini.conf
</IfModule>
Search for the 'AddModule' string, and make sure that AddModule mod_security.c is present
Do a safe apache restart
/sbin/service httpd restart
Remove # to activate rules (V1.0 = low load / V5.0 = more load)
If you want to update the mini rules:
wget http://www.web4host.net/tools/modsecurity-rule.sh
chmod 755 modsecurity-rule.sh
./modsecurity-rule.sh
If you use APF with a big blacklist, your server load goes higher than normal; use KISS and you will see a stable and normal load
Updated post here in DirectAdmin Forums (http://www.directadmin.com/forum/showthread.php?s=&threadid=11125)
:) Tested in DA server :peace:
Wael |
MarsNIIT 05-07-2006, 12:54 PM http://www.web4host.net/ <= The page can't be found :( |
seeker2002 05-07-2006, 01:13 PM | http://www.web4host.net/ <= The page can't be found :(
Try again, works fine for me |
seeker2002 05-09-2006, 03:32 AM Install or Update to version 1.9.3 or 2.0.0 all same
Hello,
Open Source Web Application Firewall
ModSecurity at work
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Version 1.9.3
Apache 1.x
wget http://www.web4host.net/tools/modsecurity-apache1.sh
chmod 755 modsecurity-apache1.sh
sh modsecurity-apache1.sh
Apache 2.x
wget http://www.web4host.net/tools/modsecurity-apache2.sh
chmod 755 modsecurity-apache2.sh
sh modsecurity-apache2.sh
edit httpd.conf
nano -w /etc/httpd/conf/httpd.conf
Find mod_security, then paste this after it:
<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly
SecFilterEngine On
# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"
# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1
#SecServerResponseToken Off
#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"
# Accept almost all byte values
SecFilterForceByteRange 1 255
# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "Power MOD by web4host.net"
#SecUploadDir /tmp
#SecUploadKeepFiles Off
# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log
#Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
#Include /etc/modsecurity/apache2-rules.conf
# Use only one rule set - remove the # to activate it
# V1.0
#Include /etc/modsecurity/mini1.conf
# V2.0
#Include /etc/modsecurity/mini2.conf
# V3.0
#Include /etc/modsecurity/mini3.conf
# V4.0
#Include /etc/modsecurity/mini4.conf
# V5.0
#Include /etc/modsecurity/mini5.conf
# V6.0
#Include /etc/modsecurity/mini.conf
</IfModule>
Search for the 'AddModule' string, and make sure that AddModule mod_security.c is present
Do a safe apache restart
/sbin/service httpd restart
******
Version 2.0.0
March 08, 2006
First development release of ModSecurity 2.x
It's that time of year again, when I get to work on new features (instead of supporting the old ones). With a major change to the version number on the way I took the opportunity to introduce major improvements too. ModSecurity 2.0.0-dev1 is available right now and it offers the following major improvements:
* Transaction scoring.
* IP address tracking and blacklisting.
* IP address scoring.
* RPC API.
* Functions (e.g. you are no longer confined to using only regular expressions in rules).
* Real-time Black List (RBL) support.
* Completely re-written response buffering code. It is now more robust, consumes less memory, and able to put a limit on the response size.
The new features are properly documented so you shouldn't have any problems trying them out. I will follow up on some of them here, to explain why I think they will change how you view ModSecurity.
P.S. There is no support for Apache 1.x in this development release.
* http://www.modsecurity.org/blog/archives/2006/03/first_developme.html *
Apache 1.x
wget http://www.web4host.net/tools/modsecurity2-apache1.sh
chmod 755 modsecurity2-apache1.sh
sh modsecurity2-apache1.sh
Apache 2.x
wget http://www.web4host.net/tools/modsecurity2-apache2.sh
chmod 755 modsecurity2-apache2.sh
sh modsecurity2-apache2.sh
edit httpd.conf
nano -w /etc/httpd/conf/httpd.conf
Find mod_security, then paste this after it:
<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly
SecFilterEngine On
# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"
# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1
#SecServerResponseToken Off
#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"
# Accept almost all byte values
SecFilterForceByteRange 1 255
# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "Power MOD by web4host.net"
#SecUploadDir /tmp
#SecUploadKeepFiles Off
# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log
#Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
#Include /etc/modsecurity/apache2-rules.conf
# Use only one rule set - remove the # to activate it
# V1.0
#Include /etc/modsecurity/mini1.conf
# V2.0
#Include /etc/modsecurity/mini2.conf
# V3.0
#Include /etc/modsecurity/mini3.conf
# V4.0
#Include /etc/modsecurity/mini4.conf
# V5.0
#Include /etc/modsecurity/mini5.conf
# V6.0
#Include /etc/modsecurity/mini.conf
</IfModule>
Search for the 'AddModule' string, and make sure that AddModule mod_security.c is present
Do a safe apache restart
/sbin/service httpd restart
******
If you want to update the mini rules:
wget http://www.web4host.net/tools/modsecurity-rule.sh
chmod 755 modsecurity-rule.sh
./modsecurity-rule.sh
If you use APF with a big blacklist, your server load goes higher than normal; use KISS and you will see a stable and normal load
All rules work normally, no server load
:)
Wael |
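Added example, not part of the original post or of the web4host.net scripts: the block in the post above is pasted with every mini rule Include commented out, so this check reports which engine setting and how many mini rule files are actually active before the restart. The function names and the shortened sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report what the <IfModule mod_security.c> block really enables.

# modsec_summary CONF -> "engine=<value|unset> rulesets=<n>"
# Counts only uncommented lines inside the mod_security.c block.
modsec_summary() {
    awk '
        /^[ \t]*<IfModule[ \t]+mod_security\.c>/ { inblk = 1; next }
        /^[ \t]*<\/IfModule>/                    { inblk = 0 }
        !inblk || /^[ \t]*#/                     { next }
        $1 == "SecFilterEngine"                  { engine = $2 }
        $1 == "Include" && $2 ~ /\/mini[0-9]*\.conf$/ { n++ }
        END { printf "engine=%s rulesets=%d\n", (engine == "" ? "unset" : engine), n }
    ' "$1"
}

# modsec_verdict CONF -> ok | no-ruleset | multiple-rulesets | engine-off
modsec_verdict() {
    case $(modsec_summary "$1") in
        engine=Off*|engine=unset*) echo engine-off ;;
        *rulesets=0)               echo no-ruleset ;;
        *rulesets=1)               echo ok ;;
        *)                         echo multiple-rulesets ;;
    esac
}

# Constructed sample: shortened copy of the block from the post, as pasted.
sample_conf() {
    cat <<'EOF'
<IfModule mod_security.c>
#SecFilterEngine DynamicOnly
SecFilterEngine On
SecFilterDefaultAction "deny,log,status:500"
#Include /etc/modsecurity/apache2-rules.conf
# V1.0
#Include /etc/modsecurity/mini1.conf
# V6.0
#Include /etc/modsecurity/mini.conf
</IfModule>
EOF
}

# Stand-alone run: check the file given as $1, or the sample if none is given.
conf=${1:-}
if [ -z "$conf" ]; then conf=$(mktemp); sample_conf > "$conf"; tmp=$conf; fi
echo "$(modsec_summary "$conf") -> $(modsec_verdict "$conf")"
[ -z "${tmp:-}" ] || rm -f "$tmp"
```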
seeker2002 06-02-2006, 07:20 AM Version 1.9.4
http://www.directadmin.com/forum/showthread.php?s=&threadid=11125 |
seeker2002 06-04-2006, 04:11 AM Install K.I.S.S. My Firewall - Version 2.0
cd /usr/bin/
wget http://www.web4host.net/tools/kiss
chmod 755 kiss
chown root:root kiss
start kiss
/usr/bin/kiss start
stop kiss
/usr/bin/kiss stop
kiss status
/usr/bin/kiss status
Ready to use these ports:
TCP_IN="20 21 22 25 53 80 110 123 143 443 465 993 995 2082 2083 2086 2087 2095 2096 2222 3306 6277 8443 10000 11111 19638"
TCP_OUT="20 21 22 25 37 43 53 80 113 443 3306 6277 11111"
:peace: |
BmXStuD 08-03-2006, 06:49 AM When I open httpd.conf and search for the word "mod_security" it doesn't find any results :/ Why is this? |
tamar 08-03-2006, 11:57 AM Try again, works fine for me
Doesn't work here either. Care to post the code of that script? |
seeker2002 08-07-2006, 04:03 AM Updated post here
http://www.directadmin.com/forum/showthread.php?s=&threadid=11125 |
duntuk 08-15-2006, 06:36 AM it doesn't work cause the script expects you to have DirectAdmin installed
05:29:02 (292.64 KB/s) - `modsecurity-apache_1.9.4.tar.gz' saved [496805/496805]
cp: cannot create regular file `/usr/local/directadmin/customapache/mod_security.c': No such file or directory
./modsecurity-apache1.sh: line 7: cd: /usr/local/directadmin/customapache/: No such file or directory
./modsecurity-apache1.sh: line 7: /usr/sbin/apxs: No such file or directory |
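Added example, not part of the thread and not the real installer: the errors in the post above come from hard-coded DirectAdmin paths, and this check lists the absolute paths a downloaded script refers to that are missing on the host before it is run. It generalises beyond the two paths in the error output; the function names, the sample script and its example.invalid URL are constructed.

```shell
#!/bin/sh
# Added example: find paths an installer script relies on that this host lacks.

# installer_missing_paths SCRIPT [ROOT]
# Prints "no-parent PATH" when neither PATH nor its directory exists under ROOT,
# and "absent PATH" when only the final component is missing (a file the script
# may create itself, or a tool it expects to find). ROOT defaults to "".
installer_missing_paths() {
    script=$1
    root=${2:-}
    # Absolute paths are tokens starting with "/" at line start or after
    # whitespace; URLs are skipped because their slashes follow ":" or "/".
    grep -oE '(^|[[:space:]])/[A-Za-z0-9_./-]+' "$script" |
        sed 's/^[[:space:]]*//' | LC_ALL=C sort -u |
        while IFS= read -r p; do
            if [ -e "$root$p" ]; then
                continue
            elif [ -d "$root$(dirname "$p")" ]; then
                echo "absent $p"
            else
                echo "no-parent $p"
            fi
        done
}

# Constructed sample installer, modelled only on the error output in the post
# above (it is not the real modsecurity-apache1.sh).
sample_installer() {
    cat <<'EOF'
#!/bin/sh
wget http://example.invalid/modsecurity-apache.tar.gz
cp mod_security.c /usr/local/directadmin/customapache/mod_security.c
cd /usr/local/directadmin/customapache/
/usr/sbin/apxs -c mod_security.c
EOF
}

# demo_missing_paths [ROOT]: run the check on the sample installer.
demo_missing_paths() {
    tmp=$(mktemp)
    sample_installer > "$tmp"
    installer_missing_paths "$tmp" "${1:-}"
    rm -f "$tmp"
}

demo_missing_paths "${1:-}"
```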
jayzee 08-23-2006, 04:14 AM Do these mini rules work? |
LINUXGeeKs 08-24-2008, 11:46 PM Do these mini rules work? |