Secure your Apache2 with mod-security


Installation:

In order to install mod-security with apache2, you need libapache2-mod-security:

$ sudo apt-get install libapache2-mod-security

Then enable mod-security and reload apache2:

$ sudo a2enmod mod-security
$ sudo /etc/init.d/apache2 force-reload

Once this is done, you will be able to filter GET and POST requests and apply different rules depending on what the page, variables or URL contain.

Configuration:

We need a file to hold the mod-security configuration, and Apache on Debian offers a place for it. In /etc/apache2/apache2.conf, you will find this directive:

# Include generic snippets of statements
Include /etc/apache2/conf.d/

So this is where we are going to put our mod-security statements. Create and edit /etc/apache2/conf.d/mod_security and add the following:

# mod_security configuration directives
# …
# Turn the filtering engine On or Off
SecFilterEngine On

# Some sane defaults
# Check if URL characters were encoded
SecFilterCheckURLEncoding On
# Check UTF-8 encoding
SecFilterCheckUnicodeEncoding Off

# Allow single-byte characters
# Accept all byte values (0-255)
SecFilterForceByteRange 0 255

# Server masking is optional
# SecServerSignature "Microsoft-IIS/0.0"

SecAuditEngine RelevantOnly
# The name of the audit log file
SecAuditLog /var/log/apache2/audit_log

# You normally won’t need debug logging
# Debug level set to a minimum
SecFilterDebugLog /var/log/apache2/modsec_debug_log
SecFilterDebugLevel 0

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# By default log and deny suspicious requests
# with HTTP status 500
SecFilterDefaultAction "deny,log,status:500"

Here is a more detailed view of what those directives are used for:

* SecFilterEngine (On|Off): enables/disables the mod-security engine.
* SecFilterCheckURLEncoding (On|Off): checks whether special characters were encoded before being passed in the URL.
* SecFilterCheckUnicodeEncoding (On|Off): checks whether Unicode encoding is valid. It has to be Off unless your system handles Unicode.
* SecFilterForceByteRange: forces requests to contain only bytes from the defined range. This can prevent stack overflow attacks. The default values, 0 255, allow all byte values.
* SecServerSignature: changes the server signature in response headers. Note: for this to work, Apache must be set with ServerTokens Full.
* SecAuditEngine (On|Off|RelevantOnly): enables/disables mod-security logging. RelevantOnly stands for “log only requests that matched a filter rule”.
* SecAuditLog /path/to/audit_log: defines the file where mod-security will write its logs.
* SecFilterDebugLog /path/to/debug_log: defines where the mod-security debug log will be stored.
* SecFilterDebugLevel (0-9): mod-security has 10 debug levels, from 0 (no debug info logged) to 9 (everything logged). Most people won’t use this (otherwise, you wouldn’t be reading this how-to), so set it to 0.
* SecFilterScanPOST (On|Off): by default, mod-security only scans GET data. With this turned on, it will also scan POST data (such as forms).
* SecFilterDefaultAction ACTION: defines the default action mod-security takes when a filter rule is matched. Here, it logs the request and replies with a 500 Internal Server Error.
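
A quick way to check the file before reloading Apache, as an added example that is not part of the original article: the Python script below parses a mod_security snippet and reports where it departs from the settings described above, including typographic quotes picked up when the configuration is copied from a web page. The names parse, audit and SAMPLE are hypothetical, and the policy it enforces (engine and POST scanning on, audit log set, default action containing deny and log) is an assumption drawn from this how-to.

```python
import re

# Typographic quotes that web pages often substitute for a plain " character.
CURLY = "\u201c\u201d\u2033\u2018\u2019"

def parse(text):
    """Map lower-cased directive name -> argument string (last occurrence wins)."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return findings for the directives this how-to sets (policy is assumed)."""
    conf, out = parse(text), []
    for name, args in conf.items():
        if any(c in args for c in CURLY):
            out.append(f'{name}: typographic quotes, retype them as plain "')
    for name in ("secfilterengine", "secfilterscanpost"):
        if conf.get(name, "").lower() != "on":
            out.append(f"{name}: expected On, got {conf.get(name) or 'nothing'}")
    # Assumption: an unset SecAuditEngine is treated the same as Off.
    if conf.get("secauditengine", "off").lower() == "off" or "secauditlog" not in conf:
        out.append("audit log: SecAuditEngine is Off/unset or SecAuditLog is missing")
    raw = conf.get("secfilterdefaultaction", "").strip("\"'" + CURLY)
    missing = [a for a in ("deny", "log") if a not in re.split(r"[,\s]+", raw)]
    if missing:
        out.append(f"secfilterdefaultaction: missing {','.join(missing)}")
    if conf.get("secfilterforcebyterange", "").split() == ["0", "255"]:
        out.append("secfilterforcebyterange: 0 255 accepts every byte value")
    return out

# Constructed sample: the page's settings, but with POST scanning off and the
# default action pasted with the curly quotes a browser copy can introduce.
SAMPLE = """\
SecFilterEngine On
SecFilterScanPOST Off
SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog /var/log/apache2/audit_log
SecFilterDefaultAction \u201cdeny,log,status:500\u2033
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check the real file, pass its contents to audit(), for example audit(open("/etc/apache2/conf.d/mod_security").read()).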

This article has been referred from http://www.debuntu.org/
For more details, please visit http://www.debuntu.org/2006/08/13/86-secure-your-apache2-with-mod-security

