
Secure your Apache2 with mod-security

Installation:

In order to install mod-security with apache2, you need libapache2-mod-security:

$ sudo apt-get install libapache2-mod-security

Then enable mod-security and reload apache2:

$ sudo a2enmod mod-security
$ sudo /etc/init.d/apache2 force-reload

Once this is done, you will be able to filter GET and POST requests and apply different rules depending on what the page, variables or URL contain.

Configuration:

Apache on Debian provides a directory for configuration snippets. In /etc/apache2/apache2.conf, you can find this directive:

# Include generic snippets of statements
Include /etc/apache2/conf.d/

So this is the place where we are going to put our mod-security statements. Create and edit /etc/apache2/conf.d/mod_security and add the following:

# mod_security configuration directives
# …
# Turn the filtering engine On or Off
SecFilterEngine On

# Some sane defaults
# Check if URL characters were encoded
SecFilterCheckURLEncoding On
#Check UTF-8 encoding
SecFilterCheckUnicodeEncoding Off

#Allow 1 byte characters
# Accept almost all byte values
SecFilterForceByteRange 0 255

# Server masking is optional
# SecServerSignature "Microsoft-IIS/0.0"

SecAuditEngine RelevantOnly
# The name of the audit log file
SecAuditLog /var/log/apache2/audit_log

# You normally won’t need debug logging
# Debug level set to a minimum
SecFilterDebugLog /var/log/apache2/modsec_debug_log
SecFilterDebugLevel 0

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# By default log and deny suspicious requests
# with HTTP status 500
SecFilterDefaultAction "deny,log,status:500"

Here is a more detailed view of what those directives are used for:

* SecFilterEngine (On|Off): enables/disables the mod-security engine.
* SecFilterCheckURLEncoding (On|Off): checks whether special characters were encoded before being passed in the URL.
* SecFilterCheckUnicodeEncoding (On|Off): checks whether Unicode encoding is valid. Must be Off unless your system handles Unicode.
* SecFilterForceByteRange: forces requests to only contain bytes from the defined range. This can prevent stack overflow attacks. The default values 0 255 allow all byte values.
* SecServerSignature: changes the server signature in response headers. Note: in order to get it to work, Apache must be set with ServerTokens Full.
* SecAuditEngine (On|Off|RelevantOnly): enables/disables mod-security logging. RelevantOnly stands for “log only requests that matched a filter rule”.
* SecAuditLog /path/to/audit_log: defines the file where mod-security will write its logs.
* SecFilterDebugLog /path/to/debug_log: defines where the mod-security debug log will be stored.
* SecFilterDebugLevel (0-9): mod-security has 10 debug levels, from 0 (no debug info logged) to 9 (everything logged). Most people won’t use this (otherwise you would not be reading this how-to), so set it to 0.
* SecFilterScanPOST (On|Off): by default, mod-security only scans GET data; turning this on lets you also scan POST data (such as forms).
* SecFilterDefaultAction ACTION: defines the default action mod-security should take when a filter rule is matched. Here: log the request and reply with a 500 Internal Server Error.
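
A small check for the snippet in /etc/apache2/conf.d/mod_security, added here as an example (it is not part of the original how-to or of mod-security). It flags the settings described above that leave filtering weak, plus typographic quotes picked up when copying directives from a web page; the sample configuration and the function names are constructed for illustration.

```python
import shlex

# Constructed sample: a weakened variant of the snippet from this how-to.
SAMPLE_CONF = '''\
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterForceByteRange 0 255
# SecFilterScanPOST On
SecFilterDefaultAction "log,pass"
'''

def parse_directives(text):
    """Return {lowercased directive: [args]} for each non-comment line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            conf[name.lower()] = args
    return conf

def is_on(conf, name):
    # Assumption: a directive that is not set counts as Off.
    return (conf.get(name.lower()) or ["Off"])[0].lower() == "on"

def audit(text):
    """Return a list of findings for a mod_security 1.x snippet."""
    findings = []
    if any(ch in text for ch in "\u201c\u201d\u2033"):
        findings.append("typographic quotes found: retype them as plain \"")
    conf = parse_directives(text)
    if not is_on(conf, "SecFilterEngine"):
        findings.append("SecFilterEngine is not On: nothing is filtered")
    if not is_on(conf, "SecFilterScanPOST"):
        findings.append("SecFilterScanPOST is not On: POST data is not scanned")
    if conf.get("secfilterforcebyterange") == ["0", "255"]:
        findings.append("SecFilterForceByteRange 0 255 allows every byte value")
    # Only checked when the default action is set explicitly.
    action = conf.get("secfilterdefaultaction")
    if action and "deny" not in action[0].split(","):
        findings.append("SecFilterDefaultAction does not deny matched requests")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("-", finding)
```

To check the real file, pass its contents to audit(), for example audit(open("/etc/apache2/conf.d/mod_security").read()).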

This article has been adapted from http://www.debuntu.org/
For more details, please visit http://www.debuntu.org/2006/08/13/86-secure-your-apache2-with-mod-security
