Mod security: Difference between revisions

From ICO wiki
Jump to navigationJump to search
No edit summary
No edit summary
 
(3 intermediate revisions by one other user not shown)
Line 7: Line 7:
cd /tmp
cd /tmp


sudo wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
sudo wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/v2.2.5 -O modsecurity-crs_2.2.5.tar.gz


sudo tar zxf modsecurity-crs_2.2.5.tar.gz
sudo tar zxf modsecurity-crs_2.2.5.tar.gz
sudo mv SpiderLabs-owasp-modsecurity-crs-5c28b52 modsecurity-crs_2.2.5


sudo cp -R modsecurity-crs_2.2.5/* /etc/modsecurity/
sudo cp -R modsecurity-crs_2.2.5/* /etc/modsecurity/
Line 51: Line 53:


http://blog.spiderlabs.com/2011/07/modsecurity-sql-injection-challenge-lessons-learned.html
http://blog.spiderlabs.com/2011/07/modsecurity-sql-injection-challenge-lessons-learned.html
==Veateate muutmine==
Mõne ründe avastamisel suunatakse vaikimisi ümber lehele, mis näitab veateadet "Forbidden".
Et seda muuta, tuleks Apache VirtualHosti confi lisada järgmine rida:
<pre>ErrorDocument 403 /sinu/custom/errori/leht.php</pre>
''leht.php'' võiks olla näiteks lihtne php script, mis suunab tagasi lehele, kust tuldi (HTTP referer):
<source lang="php"><?php
header('Location: ' . $_SERVER['HTTP_REFERER']);
?></source>

Latest revision as of 09:30, 19 May 2014

sudo apt-get update
sudo apt-get install libxml2 libxml2-dev libxml2-utils
sudo apt-get install libapache2-modsecurity
ln -sf /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
cd /tmp

sudo wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/v2.2.5 -O modsecurity-crs_2.2.5.tar.gz

sudo tar zxf modsecurity-crs_2.2.5.tar.gz

sudo mv SpiderLabs-owasp-modsecurity-crs-5c28b52 modsecurity-crs_2.2.5

sudo cp -R modsecurity-crs_2.2.5/* /etc/modsecurity/

sudo rm modsecurity-crs_2.2.5.tar.gz

sudo rm modsecurity-crs_2.2.5 -r

sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf  


#To enable rulesets create /etc/apache2/conf.d/modsecurity.conf file with following content:
<ifmodule mod_security2.c>
SecRuleEngine On
</ifmodule>


sudo a2enmod mod-security
sudo service apache2 restart

Fail /etc/apache2/mods-enabled/mod-security.conf

<IfModule security2_module>
        # Default Debian dir for modsecurity's persistent data
        SecDataDir /var/cache/modsecurity

        # Include all the *.conf files in /etc/modsecurity.
        # Keeping your local configuration in that directory
        # will allow for an easy upgrade of THIS file and
        # make your life easier
        Include "/etc/modsecurity/*.conf"
        Include "/etc/modsecurity/activated_rules/*.conf"
#       Include "/etc/modsecurity/optional_rules/*.conf"
        Include "/etc/modsecurity/base_rules/*.conf"
</IfModule>

https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

http://blog.spiderlabs.com/2011/07/modsecurity-sql-injection-challenge-lessons-learned.html

Veateate muutmine

Mõne ründe avastamisel suunatakse vaikimisi ümber lehele, mis näitab veateadet "Forbidden".

Et seda muuta, tuleks Apache VirtualHosti confi lisada järgmine rida:

ErrorDocument 403 /sinu/custom/errori/leht.php

leht.php võiks olla näiteks lihtne php script, mis suunab tagasi lehele, kust tuldi (HTTP referer):

<?php 
header('Location: ' . $_SERVER['HTTP_REFERER']);
?>