Results 1 to 1 of 1
-
15th Jun 2014, 01:51 PM#1
OPRespected Member
How to install mod_security for Apache
What is mod_security?
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports both branches of the Apache web server.
Rfx Networks Recommended:
"mod_security is great and I encourage it be used by everyone; it does have the potential to break some web applications but so far iv seen very few issues to say the least. Likewise it is easy to fix any applications that may break with the granular filter rules that can be setup to either deny or allow certain content. Overall mod_security is a needed addition to apache, providing a layer of security yet unseen for apache. I highly encourage you read the reference document on the modsecurity.org site (under documentation) to better understand each directive and the role it plays in protecting your server and sites."
Requirements:
Apache Web Server 1.3x or 2.x
Note: We have confirmed this security addon works with Cpanel based servers.
How to install?
1. Login to your server through SSH and su to the root user.
2. First your going to start out by grabbing the latest version of mod_security
3. Next we untar the archive and cd into the directory:Code:wget http://www.modsecurity.org/download/mod_security-1.7.4.tar.gz
4. Now you need to determine which version of apache you use:Code:tar zxvf mod_security-1.7.4.tar.gz cd mod_security-1.7.4/
5. Lets Compile the module now:APACHE 1.3.x users
cd apache1/
APACHE 2.x users
cd apache2/
6. Ok, now its time to edit the httpd conf file. First we will make a backup just incase something goes wrong:Code:/usr/local/apache/bin/apxs -cia mod_security.c
7. Now that we have backed it all up, we can edit the httpd.conf. Replace pico with nano depending on what you haveCode:cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup
8. Lets look for something in the config, do this by holding control and pressing W and you are going to search forCode:pico /usr/local/apache/conf/httpd.conf
<IfModule mod_dir.c> (altho any of the IfModules would work fine)
9. Now add this
10. Save the file Ctrl + X then Y<IfModule mod_security.c>
SecFilterEngine On
SecServerSignature "Apache"
SecFilterCheckUnicodeEncoding Off
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:403"
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilter "../"
SecFilter "viewtopic\.php\?" chain
SecFilter "chr\(([0-9]{1,3})\)" "deny,log"
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "/../../ "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"
# Prevent XSS atacks (HTML/Javascript injection)
SecFilter "<(.|n)+>"
</IfModule>
11. Restart Apache
You've successfully installed mod_security!Code:/etc/rc.d/init.d/httpd stop /etc/rc.d/init.d/httpd startAreon Reviewed by Areon on . How to install mod_security for Apache What is mod_security? ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports both branches of the Apache web server. Rfx Networks Recommended: "mod_security is great and I encourage it be used by everyone; it does have the potential to break some web applications but so far iv seen very few issues to say the least. Rating: 5
Register To ReplySponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
How to instal GA for IP board
By Doom in forum Technical Help Desk SupportReplies: 4Last Post: 29th Aug 2011, 02:25 PM -
How to install vbulletin for free
By Johnny:D in forum Technical Help Desk SupportReplies: 12Last Post: 27th Aug 2011, 11:54 PM -
[VIDEO TUT]How to install Mod_Security and Harden PHP
By Dom in forum Technical and Security TutorialsReplies: 14Last Post: 9th Jun 2011, 11:00 AM -
how to install curl for kloxo ??
By onel0ve in forum Technical Help Desk SupportReplies: 2Last Post: 3rd Feb 2011, 07:32 AM -
How to install ioncube loders for whmcs on a windows server
By sniper in forum Server ManagementReplies: 8Last Post: 5th Jan 2010, 07:28 PM
Staff Online
themaCreator - create posts from...
Version 3.22 released. Open older version (or...