How to install mod_security for Apache - Jaguarpc
Sep 17, 2006

How to install mod_security for Apache

Share With
How to install mod_security for Apache ———————————— What is mod_security? ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella – shielding applications from attacks. ModSecurity supports both branches of the Apache web server. ————————————-You can install mod_security on Apache 1.3x or 2.x Installation steps : 1) Download modsecurity-apache-1.9.2 # wget http://www.modsecurity.org/download…he-1.9.2.tar.gz # tar zxvf modsecurity-apache-1.9.2.tar.gz # cd modsecurity-apache-1.9.2/ 2) Now you need to determine which version of apache you use: If it’s APACHE 1.3.x then # cd apache1/ If it’s APACHE 2.x then # cd apache2/ Note : To check apache version give httpd -v command or type http://ip/xyz you will get apache version. 3) Lets Compile the module now: Find apxs files path # locate apxs If path is /usr/sbin/apxs then give following command # /usr/sbin/apxs -cia mod_security.c 4) Ok, now its time to edit the httpd conf file. First we will make a backup just incase something goes wrong: cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup or cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.backup 5) Now that we have backed it all up, we can edit the httpd.conf. Replace pico with nano depending on what you have vi /usr/local/apache/conf/httpd.conf or vi /etc/httpd/conf/httpd.conf Now add this : ——————————- SecFilterEngine On SecServerSignature “Apache” SecFilterCheckUnicodeEncoding Off SecAuditEngine RelevantOnly SecAuditLog logs/audit_log SecFilterScanPOST On SecFilterDefaultAction “deny,log,status:403” SecFilterSelective REQUEST_METHOD “^POST$” chain SecFilterSelective HTTP_Content-Length “^$” SecFilterSelective HTTP_Transfer-Encoding “!^$” SecFilterSelective ARG_PHPSESSID “!^[0-9a-z]*$” SecFilterSelective COOKIE_PHPSESSID “!^[0-9a-z]*$” SecFilter “../” SecFilter “viewtopic\.php\?” chain SecFilter “chr\(([0-9]{1,3})\)” “deny,log” SecFilterSelective THE_REQUEST “wget ” SecFilterSelective THE_REQUEST “lynx ” SecFilterSelective THE_REQUEST “scp ” SecFilterSelective THE_REQUEST “ftp ” SecFilterSelective THE_REQUEST “cvs ” SecFilterSelective THE_REQUEST “rcp ” SecFilterSelective THE_REQUEST “curl ” SecFilterSelective THE_REQUEST “telnet ” SecFilterSelective THE_REQUEST “ssh ” SecFilterSelective THE_REQUEST “echo ” SecFilterSelective THE_REQUEST “links -dump ” SecFilterSelective THE_REQUEST “links -dump-charset ” SecFilterSelective THE_REQUEST “links -dump-width ” SecFilterSelective THE_REQUEST “links http:// ” SecFilterSelective THE_REQUEST “links ftp:// ” SecFilterSelective THE_REQUEST “links -source ” SecFilterSelective THE_REQUEST “mkdir ” SecFilterSelective THE_REQUEST “cd /tmp ” SecFilterSelective THE_REQUEST “cd /var/tmp ” SecFilterSelective THE_REQUEST “cd /etc/httpd/proxy ” SecFilterSelective THE_REQUEST “/config.php?v=1&DIR ” SecFilterSelective THE_REQUEST “/../../ ” SecFilterSelective THE_REQUEST “&highlight=%2527%252E ” SecFilterSelective THE_REQUEST “changedir=%2Ftmp%2F.php ” # Very crude filters to prevent SQL injection attacks SecFilter “delete[[:space:]]+from” SecFilter “insert[[:space:]]+into” SecFilter “select.+from” # Weaker XSS protection but allows common HTML tags SecFilter “” :wq! ——————————– 6) Restart apache # service httpd restart You’ve successfully installed mod_security! Best Regards, Shane Bewick
Share With

Leave a Reply