Thread: HOW TO : ModSecurity
-
05-07-2006, 11:22 AM #1Junior Guru Wannabe
- Join Date
- Jan 2005
- Location
- Kingdom of Bahrain
- Posts
- 76
HOW TO : ModSecurity
Install or Update to version 1.9.3 all same
Hello,
Open Source Web Application Firewall
ModSecurity at work
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Apache 1.x
Code:
wget http://www.web4host.net/tools/modsecurity-apache1.sh
chmod 755 modsecurity-apache1.sh
sh modsecurity-apache1.sh
Apache 2.x
Code:
wget http://www.web4host.net/tools/modsecurity-apache2.sh
chmod 755 modsecurity-apache2.sh
sh modsecurity-apache2.sh
edit httpd.conf
Code:
nano -w /etc/httpd/conf/httpd.conf
Code:
<IfModule mod_security.c>
    # Only inspect dynamic requests
    # (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
    #SecFilterEngine DynamicOnly
    SecFilterEngine On

    # Reject requests with status 500
    SecFilterDefaultAction "deny,log,status:500"

    # Some sane defaults
    SecFilterScanPOST On
    SecFilterCheckURLEncoding On
    SecFilterCheckCookieFormat On
    SecFilterCheckUnicodeEncoding Off
    SecFilterNormalizeCookies On
    # enable version 1 (RFC 2965) cookies
    SecFilterCookieFormat 1
    SecServerResponseToken Off

    #If you want to scan the output, uncomment these
    #SecFilterScanOutput On
    #SecFilterOutputMimeTypes "(null) text/html text/plain"

    # Accept almost all byte values
    SecFilterForceByteRange 1 255

    # Server masking is optional
    #fake server banner - NOYB used - no one needs to know what we are using
    SecServerSignature "Power MOD by web4host.net"

    #SecUploadDir /tmp
    #SecUploadKeepFiles Off

    # Only record the interesting stuff
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log

    # You normally won't need debug logging
    SecFilterDebugLevel 0
    SecFilterDebugLog logs/modsec_debug_log

    #Use one rules - Remove # to active Rules
    # V1.0
    #Include /etc/modsecurity/mini1.conf
    # V2.0
    #Include /etc/modsecurity/mini2.conf
    # V3.0
    #Include /etc/modsecurity/mini3.conf
    # V4.0
    #Include /etc/modsecurity/mini.conf
    # V5.0
    #Include /etc/modsecurity/mini.conf
</IfModule>
Do a safe apache restart
Code:
/sbin/service httpd restart
If you want to update the mini rules
Code:
wget http://www.web4host.net/tools/modsecurity-rule.sh
chmod 755 modsecurity-rule.sh
./modsecurity-rule.sh
If you use APF with a big blacklist, your server load goes higher than normal; use KISS and you will see a stable & normal load
Update post here in DirectAdmin Forums
Tested in DA server
Wael
-
05-07-2006, 11:54 AM #2Temporarily Suspended
- Join Date
- Mar 2006
- Location
- Vietnam
- Posts
- 98
http://www.web4host.net/ <= The page can't be found
-
05-07-2006, 12:13 PM #3Junior Guru Wannabe
- Join Date
- Jan 2005
- Location
- Kingdom of Bahrain
- Posts
- 76
Originally Posted by MarsNIIT
-
05-09-2006, 02:32 AM #4Junior Guru Wannabe
- Join Date
- Jan 2005
- Location
- Kingdom of Bahrain
- Posts
- 76
Install or Update to version 1.9.3 or 2.0.0 all same
Hello,
Open Source Web Application Firewall
ModSecurity at work
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Version 1.9.3
Apache 1.x
Code:
wget http://www.web4host.net/tools/modsecurity-apache1.sh
chmod 755 modsecurity-apache1.sh
sh modsecurity-apache1.sh
Apache 2.x
Code:
wget http://www.web4host.net/tools/modsecurity-apache2.sh
chmod 755 modsecurity-apache2.sh
sh modsecurity-apache2.sh
edit httpd.conf
Code:
nano -w /etc/httpd/conf/httpd.conf
Code:
<IfModule mod_security.c>
    # Only inspect dynamic requests
    # (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
    #SecFilterEngine DynamicOnly
    SecFilterEngine On

    # Reject requests with status 500
    SecFilterDefaultAction "deny,log,status:500"

    # Some sane defaults
    SecFilterScanPOST On
    SecFilterCheckURLEncoding On
    SecFilterCheckCookieFormat On
    SecFilterCheckUnicodeEncoding Off
    SecFilterNormalizeCookies On
    # enable version 1 (RFC 2965) cookies
    SecFilterCookieFormat 1
    #SecServerResponseToken Off

    #If you want to scan the output, uncomment these
    #SecFilterScanOutput On
    #SecFilterOutputMimeTypes "(null) text/html text/plain"

    # Accept almost all byte values
    SecFilterForceByteRange 1 255

    # Server masking is optional
    #fake server banner - NOYB used - no one needs to know what we are using
    SecServerSignature "Power MOD by web4host.net"

    #SecUploadDir /tmp
    #SecUploadKeepFiles Off

    # Only record the interesting stuff
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log

    # You normally won't need debug logging
    SecFilterDebugLevel 0
    SecFilterDebugLog logs/modsec_debug_log

    #Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
    #Include /etc/modsecurity/apache2-rules.conf

    #Use one rules - Remove # to active Rules
    # V1.0
    #Include /etc/modsecurity/mini1.conf
    # V2.0
    #Include /etc/modsecurity/mini2.conf
    # V3.0
    #Include /etc/modsecurity/mini3.conf
    # V4.0
    #Include /etc/modsecurity/mini4.conf
    # V5.0
    #Include /etc/modsecurity/mini5.conf
    # V6.0
    #Include /etc/modsecurity/mini.conf
</IfModule>
Do a safe apache restart
Code:
/sbin/service httpd restart
Version 2.0.0
March 08, 2006
First development release of ModSecurity 2.x
It's that time of year again, when I get to work on new features (instead of supporting the old ones). With a major change to the version number of the way I took the opportunity to introduce major improvements too. ModSecurity 2.0.0-dev1 is available right now and it offers the following major improvements:
* Transaction scoring.
* IP address tracking and blacklisting.
* IP address scoring.
* RPC API.
* Functions (e.g. you are no longer confined to using only regular expressions in rules).
* Real-time Black List (RBL) support.
* Completely re-written response buffering code. It is now more robust, consumes less memory, and able to put a limit on the response size.
The new features are properly documented so you shouldn't have any problems trying them out. I will follow up on some of them here, to explain why I think they will change how you view ModSecurity.
P.S. There is no support for Apache 1.x in this development release.
* http://www.modsecurity.org/blog/arch...developme.html *
Apache 1.x
Code:
wget http://www.web4host.net/tools/modsecurity2-apache1.sh
chmod 755 modsecurity2-apache1.sh
sh modsecurity2-apache1.sh
Apache 2.x
Code:
wget http://www.web4host.net/tools/modsecurity2-apache2.sh
chmod 755 modsecurity2-apache2.sh
sh modsecurity2-apache2.sh
edit httpd.conf
Code:
nano -w /etc/httpd/conf/httpd.conf
Code:
<IfModule mod_security.c>
    # Only inspect dynamic requests
    # (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
    #SecFilterEngine DynamicOnly
    SecFilterEngine On

    # Reject requests with status 500
    SecFilterDefaultAction "deny,log,status:500"

    # Some sane defaults
    SecFilterScanPOST On
    SecFilterCheckURLEncoding On
    SecFilterCheckCookieFormat On
    SecFilterCheckUnicodeEncoding Off
    SecFilterNormalizeCookies On
    # enable version 1 (RFC 2965) cookies
    SecFilterCookieFormat 1
    #SecServerResponseToken Off

    #If you want to scan the output, uncomment these
    #SecFilterScanOutput On
    #SecFilterOutputMimeTypes "(null) text/html text/plain"

    # Accept almost all byte values
    SecFilterForceByteRange 1 255

    # Server masking is optional
    #fake server banner - NOYB used - no one needs to know what we are using
    SecServerSignature "Power MOD by web4host.net"

    #SecUploadDir /tmp
    #SecUploadKeepFiles Off

    # Only record the interesting stuff
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log

    # You normally won't need debug logging
    SecFilterDebugLevel 0
    SecFilterDebugLog logs/modsec_debug_log

    #Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
    #Include /etc/modsecurity/apache2-rules.conf

    #Use one rules - Remove # to active Rules
    # V1.0
    #Include /etc/modsecurity/mini1.conf
    # V2.0
    #Include /etc/modsecurity/mini2.conf
    # V3.0
    #Include /etc/modsecurity/mini3.conf
    # V4.0
    #Include /etc/modsecurity/mini4.conf
    # V5.0
    #Include /etc/modsecurity/mini5.conf
    # V6.0
    #Include /etc/modsecurity/mini.conf
</IfModule>
Do a safe apache restart
Code:
/sbin/service httpd restart
If you want to update the mini rules
Code:
wget http://www.web4host.net/tools/modsecurity-rule.sh
chmod 755 modsecurity-rule.sh
./modsecurity-rule.sh
If you use APF with a big blacklist, your server load goes higher than normal; use KISS and you will see a stable & normal load
All rules work normal no server load
Wael
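An added check, not part of the original post or of the poster's install scripts: it reads an httpd.conf and reports whether the block above can take effect at all, meaning the module is loaded, SecFilterEngine is on, and at least one rule Include has been uncommented. The LoadModule security_module line (the ModSecurity 1.x module name) and all function names are assumptions of this example, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: static check of an httpd.conf carrying the posted block.
# Assumption: ModSecurity 1.x is loaded as "LoadModule security_module ...".

# Emit only active directives: trim indentation, drop comments and blanks,
# so a "#Include ..." line is never counted as enabled.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1"
}

# Succeeds when the module is loaded; without it Apache silently skips
# everything inside <IfModule mod_security.c>.
module_loaded() {
    active_lines "$1" | grep -Eqi '^LoadModule[[:space:]]+security_module[[:space:]]'
}

# Effective SecFilterEngine value (last occurrence wins), or "unset".
engine_mode() {
    active_lines "$1" |
        awk 'tolower($1) == "secfilterengine" { v = $2 } END { print (v == "" ? "unset" : v) }'
}

# Number of uncommented Include lines pointing at /etc/modsecurity/.
active_rule_includes() {
    active_lines "$1" | grep -Eci '^Include[[:space:]]+/etc/modsecurity/' || true
}

# Print findings; return 0 only if module, engine and a rule file are active.
audit_conf() {
    rc=0
    module_loaded "$1" || { echo "FAIL: security_module is not loaded"; rc=1; }
    case $(engine_mode "$1") in
        On|DynamicOnly) ;;
        *) echo "FAIL: SecFilterEngine is not On or DynamicOnly"; rc=1 ;;
    esac
    [ "$(active_rule_includes "$1")" -gt 0 ] ||
        { echo "WARN: no rule file included, only the built-in checks run"; rc=1; }
    return $rc
}

# Constructed sample: the posted block as-is, every Include still commented.
write_sample() {
    printf '%s\n' 'LoadModule security_module modules/mod_security.so' \
        '<IfModule mod_security.c>' '  SecFilterEngine On' \
        '  # V1.0' '  #Include /etc/modsecurity/mini1.conf' '</IfModule>' > "$1"
}

# Audit a real file when a path is given on the command line.
if [ "${1:-}" ]; then audit_conf "$1"; fi
```

Run it against the edited httpd.conf before the restart step; a WARN on the posted block unchanged is expected, because every mini rule Include is still commented out.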
-
06-02-2006, 06:20 AM #5Junior Guru Wannabe
- Join Date
- Jan 2005
- Location
- Kingdom of Bahrain
- Posts
- 76
Version 1.9.4
http://www.directadmin.com/forum/sho...threadid=11125
-
06-04-2006, 03:11 AM #6Junior Guru Wannabe
- Join Date
- Jan 2005
- Location
- Kingdom of Bahrain
- Posts
- 76
Install K.I.S.S. My Firewall - Version 2.0
Code:
cd /usr/bin/
wget http://www.web4host.net/tools/kiss
chmod 755 kiss
chown root:root kiss
Code:
/usr/bin/kiss start
Code:
/usr/bin/kiss stop
Code:
/usr/bin/kiss status
Code:
TCP_IN="20 21 22 25 53 80 110 123 143 443 465 993 995 2082 2083 2086 2087 2095 2096 2222 3306 6277 8443 10000 11111 19638"
TCP_OUT="20 21 22 25 37 43 53 80 113 443 3306 6277 11111"
-
08-03-2006, 05:49 AM #7WHT Addict
- Join Date
- Jun 2006
- Location
- Midwest Chicago
- Posts
- 132
When I open httpd.conf and search for the word "mod_security" it doesn't find any results :/ Why is this?
-
08-03-2006, 10:57 AM #8Junior Guru
- Join Date
- May 2006
- Posts
- 244
Originally Posted by seeker2002
-
08-07-2006, 03:03 AM #9Junior Guru Wannabe
- Join Date
- Jan 2005
- Location
- Kingdom of Bahrain
- Posts
- 76
Updated post here
http://www.directadmin.com/forum/sho...threadid=11125
-
08-15-2006, 05:36 AM #10Junior Guru Wannabe
- Join Date
- Jan 2002
- Location
- Miami / Brooklyn, NY
- Posts
- 73
It doesn't work because the script expects you to have DirectAdmin installed
Code:
05:29:02 (292.64 KB/s) - `modsecurity-apache_1.9.4.tar.gz' saved [496805/496805]
cp: cannot create regular file `/usr/local/directadmin/customapache/mod_security.c': No such file or directory
./modsecurity-apache1.sh: line 7: cd: /usr/local/directadmin/customapache/: No such file or directory
./modsecurity-apache1.sh: line 7: /usr/sbin/apxs: No such file or directory
-
08-23-2006, 03:14 AM #11Web Hosting Master
- Join Date
- Apr 2004
- Location
- Singapore
- Posts
- 620
Do these mini rules work?
-
08-24-2008, 10:46 PM #12New Member
- Join Date
- Aug 2008
- Posts
- 1
Do these mini rules work?
-
11-09-2010, 02:33 AM #13Junior Guru Wannabe
- Join Date
- Oct 2010
- Posts
- 95
This post needs an update
-
04-15-2011, 04:35 PM #14Temporarily Suspended
- Join Date
- Apr 2011
- Posts
- 2
The codes given are not working, please update
-
04-29-2011, 01:40 PM #15Web Hosting Master
- Join Date
- Apr 2011
- Location
- Las Vegas, NV
- Posts
- 1,643
For CentOS 5.x, RHEL 5.x, and some Fedora the install is very simple.
# cd /tmp
# wget http://entomy.com/epel-release-5-4.noarch.rpm
# rpm -ivh epel-release-5-4.noarch.rpm
# yum install mod_security
# /etc/rc.d/init.d/httpd restart
Mod_security is now installed & running with the default configuration, which normally works fine. If you wish to modify the configuration for some reason, edit the following file.
/etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
If you edit that file you will need to restart httpd again to apply changes.
Last edited by ajonate; 04-29-2011 at 01:46 PM.
-
05-07-2011, 09:38 PM #16Temporarily Suspended
- Join Date
- May 2011
- Posts
- 10
Dead links? Can someone give me a new version please?
-Hazz
-
05-07-2011, 10:03 PM #17Web Hosting Master
- Join Date
- Apr 2011
- Location
- Las Vegas, NV
- Posts
- 1,643