Install or Update to version 1.9.3 or 2.0.0 all same
Hello,
Open Source Web Application Firewall
ModSecurity at work
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Version 1.9.3
Apache 1.x
Apache 2.x
edit httpd.conf
كود:
nano -w /etc/httpd/conf/httpd.conf
find mod_security then past this after
كود:
<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly
SecFilterEngine On
# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"
# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1
#SecServerResponseToken Off
#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"
# Accept almost all byte values
SecFilterForceByteRange 1 255
# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "Power MOD by web4host.net"
#SecUploadDir /tmp
#SecUploadKeepFiles Off
# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log
#Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
#Include /etc/modsecurity/apache2-rules.conf
#Use one rules - Remove # to active Rules
# V1.0
#Include /etc/modsecurity/mini1.conf
# V2.0
#Include /etc/modsecurity/mini2.conf
# V3.0
#Include /etc/modsecurity/mini3.conf
# V4.0
#Include /etc/modsecurity/mini4.conf
# V5.0
#Include /etc/modsecurity/mini5.conf
# V6.0
#Include /etc/modsecurity/mini.conf
</IfModule>
Search for ‘AddModule’ string, and make sure that AddModule mod_security.c
Do a safe apache restart
كود:
/sbin/service httpd restart
******
Version 2.0.0
March 08, 2006
First development release of ModSecurity 2.x
It's that time of year again, when I get to work on new features (instead of supporting the old ones). With a major change to the version number of the way I took the opportunity to introduce major improvements too. ModSecurity 2.0.0-dev1 is available right now and it offers the following major improvements:
* Transaction scoring.
* IP address tracking and blacklisting.
* IP address scoring.
* RPC API.
* Functions (e.g. you are no longer confined to using only regular expressions in rules).
* Real-time Black List (RBL) support.
* Completely re-written response buffering code. It is now more robust, consumes less memory, and able to put a limit on the response size.
The new features are properly documented so you shouldn't have any problems trying them out. I will follow up on some of them here, to explain why I think they will change how you view ModSecurity.
P.S. There is no support for Apache 1.x in this development release.
* http://www.modsecurity.org/blog/arch...developme.html *
Apache 1.x
Apache 2.x
edit httpd.conf
كود:
nano -w /etc/httpd/conf/httpd.conf
find mod_security then past this after
كود:
<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly
SecFilterEngine On
# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"
# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1
#SecServerResponseToken Off
#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"
# Accept almost all byte values
SecFilterForceByteRange 1 255
# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "Power MOD by web4host.net"
#SecUploadDir /tmp
#SecUploadKeepFiles Off
# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log
#Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
#Include /etc/modsecurity/apache2-rules.conf
#Use one rules - Remove # to active Rules
# V1.0
#Include /etc/modsecurity/mini1.conf
# V2.0
#Include /etc/modsecurity/mini2.conf
# V3.0
#Include /etc/modsecurity/mini3.conf
# V4.0
#Include /etc/modsecurity/mini4.conf
# V5.0
#Include /etc/modsecurity/mini5.conf
# V6.0
#Include /etc/modsecurity/mini.conf
</IfModule>
Search for ‘AddModule’ string, and make sure that AddModule mod_security.c
Do a safe apache restart
كود:
/sbin/service httpd restart
******
if you want update mini rules
If you use APF with big black list your server load gone higher then normal, use KISS and you will see stable & normal load
All rules work normal no server load
Main post here
http://www.directadmin.com/forum/sho...threadid=11125
Wael
المشاركة الأصلية كتبت بواسطة الواثب
ضوابط المشاركة
رد مع اقتباس