Mod security: Difference between revisions
From ICO wiki
Created page with '<source lang="bash"> sudo apt-get update sudo apt-get install libapache2-modsecurity </source>' |
No edit summary |
||
(13 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
<source lang="bash"> | <source lang="bash"> | ||
sudo apt-get update | sudo apt-get update | ||
sudo apt-get install libxml2 libxml2-dev libxml2-utils | |||
sudo apt-get install libapache2-modsecurity | sudo apt-get install libapache2-modsecurity | ||
ln -sf /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2 | |||
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf | |||
cd /tmp | |||
sudo wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/v2.2.5 -O modsecurity-crs_2.2.5.tar.gz | |||
sudo tar zxf modsecurity-crs_2.2.5.tar.gz | |||
sudo mv SpiderLabs-owasp-modsecurity-crs-5c28b52 modsecurity-crs_2.2.5 | |||
sudo cp -R modsecurity-crs_2.2.5/* /etc/modsecurity/ | |||
sudo rm modsecurity-crs_2.2.5.tar.gz | |||
sudo rm modsecurity-crs_2.2.5 -r | |||
sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf | |||
#To enable rulesets create /etc/apache2/conf.d/modsecurity.conf file with following content: | |||
<ifmodule mod_security2.c> | |||
SecRuleEngine On | |||
</ifmodule> | |||
sudo a2enmod mod-security | |||
sudo service apache2 restart | |||
</source> | </source> | ||
Fail /etc/apache2/mods-enabled/mod-security.conf | |||
<source lang="bash"> | |||
<IfModule security2_module> | |||
# Default Debian dir for modsecurity's persistent data | |||
SecDataDir /var/cache/modsecurity | |||
# Include all the *.conf files in /etc/modsecurity. | |||
# Keeping your local configuration in that directory | |||
# will allow for an easy upgrade of THIS file and | |||
# make your life easier | |||
Include "/etc/modsecurity/*.conf" | |||
Include "/etc/modsecurity/activated_rules/*.conf" | |||
# Include "/etc/modsecurity/optional_rules/*.conf" | |||
Include "/etc/modsecurity/base_rules/*.conf" | |||
</IfModule> | |||
</source> | |||
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project | |||
http://blog.spiderlabs.com/2011/07/modsecurity-sql-injection-challenge-lessons-learned.html | |||
==Veateate muutmine== | |||
Mõne ründe avastamisel suunatakse vaikimisi ümber lehele, mis näitab veateadet "Forbidden". | |||
Et seda muuta, tuleks Apache VirtualHosti confi lisada järgmine rida: | |||
<pre>ErrorDocument 403 /sinu/custom/errori/leht.php</pre> | |||
''leht.php'' võiks olla näiteks lihtne php script, mis suunab tagasi lehele, kust tuldi (HTTP referer): | |||
<source lang="php"><?php | |||
header('Location: ' . $_SERVER['HTTP_REFERER']); | |||
?></source> |
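Review bot: the leht.php added at the end of this revision copies the client-supplied $_SERVER['HTTP_REFERER'] straight into the Location header, so the redirect target is not under the site's control and the header may be missing altogether; check that the Referer is set and points at the site's own host, and fall back to a fixed page otherwise. In the install block, the Apache lines from <ifmodule mod_security2.c> to </ifmodule> sit inside the bash source block under a comment and would fail if the block were pasted into a shell, so they belong in their own block. The ln -sf into /usr/lib is the only privileged command without sudo, and the CRS tarball fetched with wget is unpacked without any checksum verification.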
Latest revision as of 09:30, 19 May 2014
<source lang="bash">
sudo apt-get update
sudo apt-get install libxml2 libxml2-dev libxml2-utils
sudo apt-get install libapache2-modsecurity
# Symlink libxml2 into /usr/lib (writing there needs root)
sudo ln -sf /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2
# Activate the recommended base configuration
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
# Download and unpack the OWASP Core Rule Set 2.2.5
cd /tmp
sudo wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/v2.2.5 -O modsecurity-crs_2.2.5.tar.gz
sudo tar zxf modsecurity-crs_2.2.5.tar.gz
sudo mv SpiderLabs-owasp-modsecurity-crs-5c28b52 modsecurity-crs_2.2.5
sudo cp -R modsecurity-crs_2.2.5/* /etc/modsecurity/
sudo rm modsecurity-crs_2.2.5.tar.gz
sudo rm -r modsecurity-crs_2.2.5
sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf
# To enable the rulesets, create /etc/apache2/conf.d/modsecurity.conf with the following content:
sudo tee /etc/apache2/conf.d/modsecurity.conf > /dev/null <<'EOF'
<IfModule mod_security2.c>
SecRuleEngine On
</IfModule>
EOF
sudo a2enmod mod-security
sudo service apache2 restart
</source>
File /etc/apache2/mods-enabled/mod-security.conf:
<source lang="apache">
<IfModule security2_module>
# Default Debian dir for modsecurity's persistent data
SecDataDir /var/cache/modsecurity
# Include all the *.conf files in /etc/modsecurity.
# Keeping your local configuration in that directory
# will allow for an easy upgrade of THIS file and
# make your life easier
Include "/etc/modsecurity/*.conf"
Include "/etc/modsecurity/activated_rules/*.conf"
# Include "/etc/modsecurity/optional_rules/*.conf"
Include "/etc/modsecurity/base_rules/*.conf"
</IfModule>
</source>
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
http://blog.spiderlabs.com/2011/07/modsecurity-sql-injection-challenge-lessons-learned.html
==Changing the error message==
When some attack is detected, the visitor is by default redirected to a page that shows the error message "Forbidden".
To change this, add the following line to the Apache VirtualHost configuration:
<pre>ErrorDocument 403 /sinu/custom/errori/leht.php</pre>
''leht.php'' could be, for example, a simple PHP script that redirects back to the page the visitor came from (HTTP referer):
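<source lang="php"><?php
// The Referer header is client-supplied and may be absent; fall back to the site root.
$back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/';
header('Location: ' . $back);
exit;
?></source>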
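A stricter variant of leht.php, added here as an example and not part of the original wiki page: it redirects back only when the Referer points at one of the site's own hostnames, and otherwise falls back to the site root. The function name safe_back_target, the $ALLOWED_HOSTS list and the example.com hostnames are assumptions made for the illustration.

```php
<?php
// Added example, not the wiki's own code.
// $ALLOWED_HOSTS is a constructed placeholder: list the VirtualHost's own names here.
$ALLOWED_HOSTS = array('www.example.com', 'example.com');

/**
 * Return a site-relative redirect target derived from the Referer header,
 * or $fallback when the header is missing, malformed or points to another site.
 */
function safe_back_target($referer, array $allowed_hosts, $fallback = '/')
{
    // Reject empty values, whitespace/control characters and backslashes,
    // which browsers may normalise into a different URL than PHP parses.
    if (!is_string($referer) || $referer === ''
        || preg_match('/[\x00-\x20\x7f\\\\]/', $referer)) {
        return $fallback;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['host']), $allowed_hosts, true)) {
        return $fallback;
    }
    // Keep only path and query so the redirect can never leave this site.
    $path = isset($parts['path']) ? $parts['path'] : '/';
    if ($path === '' || $path[0] !== '/' || substr($path, 0, 2) === '//') {
        return $fallback; // "//host/..." would be a protocol-relative redirect
    }
    return isset($parts['query']) ? $path . '?' . $parts['query'] : $path;
}

$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
header('Location: ' . safe_back_target($referer, $ALLOWED_HOSTS), true, 302);
exit;
```

Because the script answers with a redirect, the visitor never sees the 403; the blocked request is still recorded in the ModSecurity audit log.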