HOW TO : ModSecurity

  #1  
Old 05-07-2006, 11:22 AM
seeker2002 seeker2002 is offline
Junior Guru Wannabe
 
Join Date: Jan 2005
Location: Kingdom of Bahrain
Posts: 56

HOW TO : ModSecurity


Install or update to version 1.9.3, all the same
Hello,
Open Source Web Application Firewall
ModSecurity at work

ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.


Apache 1.x
Code:
wget http://www.web4host.net/tools/modsecurity-apache1.sh
chmod 755 modsecurity-apache1.sh
sh modsecurity-apache1.sh

Apache 2.x
Code:
wget http://www.web4host.net/tools/modsecurity-apache2.sh
chmod 755 modsecurity-apache2.sh
sh modsecurity-apache2.sh

edit httpd.conf
Code:
nano -w /etc/httpd/conf/httpd.conf
Find mod_security, then paste this after it:

Code:
<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly

SecFilterEngine On

# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"

# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1

SecServerResponseToken Off

#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "Power MOD by web4host.net"

#SecUploadDir /tmp
#SecUploadKeepFiles Off

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log

# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log

# Use only one rule set - remove the # to activate it
# V1.0
#Include /etc/modsecurity/mini1.conf
# V2.0
#Include /etc/modsecurity/mini2.conf
# V3.0
#Include /etc/modsecurity/mini3.conf
# V4.0
#Include /etc/modsecurity/mini.conf
# V5.0
#Include /etc/modsecurity/mini.conf
</IfModule>
Search for the ‘AddModule’ string, and make sure that AddModule mod_security.c is there.

Do a safe apache restart
Code:
/sbin/service httpd restart
Remove # to activate the rules (V1.0 = low load / V5.0 = more load)

If you want to update the mini rules:
Code:
wget http://www.web4host.net/tools/modsecurity-rule.sh
chmod 755 modsecurity-rule.sh
./modsecurity-rule.sh

If you use APF with a big blacklist, your server load goes higher than normal; use KISS and you will see a stable, normal load.

Update post here in DirectAdmin Forums
Tested in DA server


Wael



  #2  
Old 05-07-2006, 11:54 AM
MarsNIIT MarsNIIT is offline
Temporarily Suspended
 
Join Date: Mar 2006
Location: Vietnam
Posts: 95
http://www.web4host.net/ <= The page can't be found

  #3  
Old 05-07-2006, 12:13 PM
seeker2002 seeker2002 is offline
Junior Guru Wannabe
 
Join Date: Jan 2005
Location: Kingdom of Bahrain
Posts: 56

Quote:
Originally Posted by MarsNIIT
http://www.web4host.net/ <= The page can't be found
Try again, it works fine for me

  #4  
Old 05-09-2006, 02:32 AM
seeker2002 seeker2002 is offline
Junior Guru Wannabe
 
Join Date: Jan 2005
Location: Kingdom of Bahrain
Posts: 56
Install or update to version 1.9.3 or 2.0.0, all the same
Hello,
Open Source Web Application Firewall
ModSecurity at work

ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.

Version 1.9.3
Apache 1.x
Code:
wget http://www.web4host.net/tools/modsecurity-apache1.sh
chmod 755 modsecurity-apache1.sh
sh modsecurity-apache1.sh

Apache 2.x
Code:
wget http://www.web4host.net/tools/modsecurity-apache2.sh
chmod 755 modsecurity-apache2.sh
sh modsecurity-apache2.sh

edit httpd.conf
Code:
nano -w /etc/httpd/conf/httpd.conf
Find mod_security, then paste this after it:

Code:
<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly

SecFilterEngine On

# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"

# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1

#SecServerResponseToken Off

#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "Power MOD by web4host.net"

#SecUploadDir /tmp
#SecUploadKeepFiles Off

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log

# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log

#Additional rules for Apache 2.x ONLY!  Do not add this line if you use Apache 1.x
#Include /etc/modsecurity/apache2-rules.conf

# Use only one rule set - remove the # to activate it
# V1.0
#Include /etc/modsecurity/mini1.conf
# V2.0
#Include /etc/modsecurity/mini2.conf
# V3.0
#Include /etc/modsecurity/mini3.conf
# V4.0
#Include /etc/modsecurity/mini4.conf
# V5.0
#Include /etc/modsecurity/mini5.conf
# V6.0
#Include /etc/modsecurity/mini.conf
</IfModule>
Search for the ‘AddModule’ string, and make sure that AddModule mod_security.c is there.

Do a safe apache restart
Code:
/sbin/service httpd restart
******
Version 2.0.0
March 08, 2006
First development release of ModSecurity 2.x

It's that time of year again, when I get to work on new features (instead of supporting the old ones). With a major change to the version number on the way I took the opportunity to introduce major improvements too. ModSecurity 2.0.0-dev1 is available right now and it offers the following major improvements:

* Transaction scoring.
* IP address tracking and blacklisting.
* IP address scoring.
* RPC API.
* Functions (e.g. you are no longer confined to using only regular expressions in rules).
* Real-time Black List (RBL) support.
* Completely re-written response buffering code. It is now more robust, consumes less memory, and able to put a limit on the response size.

The new features are properly documented so you shouldn't have any problems trying them out. I will follow up on some of them here, to explain why I think they will change how you view ModSecurity.

P.S. There is no support for Apache 1.x in this development release.
* http://www.modsecurity.org/blog/arch...developme.html *

Apache 1.x
Code:
wget http://www.web4host.net/tools/modsecurity2-apache1.sh
chmod 755 modsecurity2-apache1.sh
sh modsecurity2-apache1.sh

Apache 2.x
Code:
wget http://www.web4host.net/tools/modsecurity2-apache2.sh
chmod 755 modsecurity2-apache2.sh
sh modsecurity2-apache2.sh

edit httpd.conf
Code:
nano -w /etc/httpd/conf/httpd.conf
Find mod_security, then paste this after it:

Code:
<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly

SecFilterEngine On

# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"

# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1

#SecServerResponseToken Off

#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "Power MOD by web4host.net"

#SecUploadDir /tmp
#SecUploadKeepFiles Off

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log

# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log

#Additional rules for Apache 2.x ONLY!  Do not add this line if you use Apache 1.x
#Include /etc/modsecurity/apache2-rules.conf

# Use only one rule set - remove the # to activate it
# V1.0
#Include /etc/modsecurity/mini1.conf
# V2.0
#Include /etc/modsecurity/mini2.conf
# V3.0
#Include /etc/modsecurity/mini3.conf
# V4.0
#Include /etc/modsecurity/mini4.conf
# V5.0
#Include /etc/modsecurity/mini5.conf
# V6.0
#Include /etc/modsecurity/mini.conf
</IfModule>
Search for the ‘AddModule’ string, and make sure that AddModule mod_security.c is there.

Do a safe apache restart
Code:
/sbin/service httpd restart
******
If you want to update the mini rules:
Code:
wget http://www.web4host.net/tools/modsecurity-rule.sh
chmod 755 modsecurity-rule.sh
./modsecurity-rule.sh

If you use APF with a big blacklist, your server load goes higher than normal; use KISS and you will see a stable, normal load.
All rules work normally, with no server load.


Wael
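
A pre-restart check for the configuration in this post, added here as an example and not part of the original thread. Because the directives sit inside `<IfModule mod_security.c>`, Apache skips them silently when the module is not loaded, so the script checks for the AddModule/LoadModule line, an enabled SecFilterEngine, and exactly one active mini rule-set Include. The function names and the sample file are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread: lint httpd.conf for the ModSecurity 1.x setup.

# Directive lines only: drop comments and blank lines.
active_lines() { grep -Ev '^[[:space:]]*(#|$)' "$1"; }

# Succeeds if an AddModule/LoadModule line references mod_security.
module_loaded() {
    active_lines "$1" |
        grep -Eq '^[[:space:]]*(AddModule|LoadModule)[[:space:]].*mod_security'
}

# Succeeds if the engine is enabled (On or DynamicOnly).
engine_on() {
    active_lines "$1" |
        grep -Eiq '^[[:space:]]*SecFilterEngine[[:space:]]+(On|DynamicOnly)[[:space:]]*$'
}

# Prints how many mini rule-set Includes are uncommented.
active_rulesets() {
    active_lines "$1" |
        grep -Ec '^[[:space:]]*Include[[:space:]]+/etc/modsecurity/mini[0-9]*\.conf' || true
}

# Returns 0 only when module, engine and exactly one rule set are in place.
check_modsec_conf() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    module_loaded "$conf" || { echo "FAIL: mod_security not loaded, <IfModule> block is skipped"; rc=1; }
    engine_on "$conf" || { echo "FAIL: SecFilterEngine is not enabled"; rc=1; }
    n=$(active_rulesets "$conf")
    [ "$n" -eq 1 ] || { echo "FAIL: $n mini rule sets enabled, expected 1"; rc=1; }
    return "$rc"
}

# Constructed sample of a passing file (not taken from a real server).
sample_conf() {
    cat <<'EOF'
AddModule mod_security.c
<IfModule mod_security.c>
SecFilterEngine On
#Include /etc/modsecurity/mini1.conf
Include /etc/modsecurity/mini2.conf
</IfModule>
EOF
}

# Lint the file named on the command line, e.g. /etc/httpd/conf/httpd.conf
if [ "$#" -gt 0 ]; then check_modsec_conf "$1" && echo "OK: $1"; fi
```

A non-zero exit before the restart means the server would come back up without the filtering the post intends.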

  #5  
Old 06-02-2006, 06:20 AM
seeker2002 seeker2002 is offline
Junior Guru Wannabe
 
Join Date: Jan 2005
Location: Kingdom of Bahrain
Posts: 56

  #6  
Old 06-04-2006, 03:11 AM
seeker2002 seeker2002 is offline
Junior Guru Wannabe
 
Join Date: Jan 2005
Location: Kingdom of Bahrain
Posts: 56

Install K.I.S.S. My Firewall - Version 2.0
Code:
cd /usr/bin/
wget http://www.web4host.net/tools/kiss
chmod 755 kiss
chown root:root kiss
start kiss
Code:
/usr/bin/kiss start
stop kiss
Code:
/usr/bin/kiss stop
kiss status
Code:
/usr/bin/kiss status
Ready to use these ports:
Code:
TCP_IN="20 21 22 25 53 80 110 123 143 443 465 993 995 2082 2083 2086 2087 2095 2096 2222 3306 6277 8443 10000 11111 19638"
TCP_OUT="20 21 22 25 37 43 53 80 113 443 3306 6277 11111"


  #7  
Old 08-03-2006, 05:49 AM
BmXStuD BmXStuD is offline
WHT Addict
 
Join Date: Jun 2006
Location: Midwest Chicago
Posts: 131
When I open httpd.conf and search for the word "mod_security" it doesn't find any results :/ Why is this?

__________________
GottaDeal.com - Hot Deals, Coupon Codes and Deal Finder Service

  #8  
Old 08-03-2006, 10:57 AM
tamar tamar is offline
Junior Guru
 
Join Date: May 2006
Posts: 232
Quote:
Originally Posted by seeker2002
Try again, it works fine for me
Doesn't work here either. Care to post the code of that script?

  #9  
Old 08-07-2006, 03:03 AM
seeker2002 seeker2002 is offline
Junior Guru Wannabe
 
Join Date: Jan 2005
Location: Kingdom of Bahrain
Posts: 56

  #10  
Old 08-15-2006, 05:36 AM
duntuk duntuk is offline
Junior Guru Wannabe
 
Join Date: Jan 2002
Location: Miami / Brooklyn, NY
Posts: 71
It doesn't work because the script expects you to have DirectAdmin installed

Code:
05:29:02 (292.64 KB/s) - `modsecurity-apache_1.9.4.tar.gz' saved [496805/496805]

cp: cannot create regular file `/usr/local/directadmin/customapache/mod_security.c': No such file or directory
./modsecurity-apache1.sh: line 7: cd: /usr/local/directadmin/customapache/: No such file or directory
./modsecurity-apache1.sh: line 7: /usr/sbin/apxs: No such file or directory

  #11  
Old 08-23-2006, 03:14 AM
jayzee jayzee is offline
Web Hosting Master
 
Join Date: Apr 2004
Location: Singapore
Posts: 617
Do these mini rules work?

  #12  
Old 08-24-2008, 10:46 PM
LINUXGeeKs LINUXGeeKs is offline
New Member
 
Join Date: Aug 2008
Posts: 0
Do these mini rules work?

  #13  
Old 11-09-2010, 02:33 AM
08A4210 08A4210 is offline
Junior Guru Wannabe
 
Join Date: Oct 2010
Posts: 94
This post needs an update.

  #14  
Old 04-15-2011, 04:35 PM
biswjitjei02 biswjitjei02 is offline
Temporarily Suspended
 
Join Date: Apr 2011
Posts: 1
The code given is not working, please update.

  #15  
Old 04-29-2011, 01:40 PM
ajonate ajonate is offline
Web Hosting Master
 
Join Date: Apr 2011
Location: Las Vegas, NV
Posts: 1,513
For CentOS 5.x, RHEL 5.x, and some Fedora the install is very simple.

# cd /tmp
# wget http://entomy.com/epel-release-5-4.noarch.rpm
# rpm -ivh epel-release-5-4.noarch.rpm
# yum install mod_security
# /etc/rc.d/init.d/httpd restart


Mod_security is now installed & running with the default configuration, which normally works fine. If you wish to modify the configuration for some reason, edit the following file.

/etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

If you edit that file you will need to restart httpd again to apply changes.


Last edited by ajonate; 04-29-2011 at 01:46 PM.