viperSuite – The Random Mind of a Web Developer

Install / Configure mod_security

Posted on November 30, 2010

Security is one of the most important aspects of running a web server. After a few days of Googling I have decided to use mod_security.

"ModSecurity is an open source web application firewall (WAF) engine for Apache that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence." - http://www.modsecurity.org/

There are many free rule sets out there with ready-made rules and supporting files.

  1. Install mod_security (on Plesk/CentOS): "yum install mod_security", then change into the rules directory: "cd /etc/httpd/conf.d/modsecurity.d/"
  2. Download HyperOIS.com's rules: "wget http://hyperois.com/files/modsec2_rules.tar.gz"
  3. Uncompress: "tar -xzvf modsec2_rules.tar.gz"
  4. "cd /etc/httpd/conf.d/"
  5. Open/edit mod_security.conf: "vi mod_security.conf"
    Many OS/control panel combinations lay this file out differently, so replace only the <IfModule> block with the following code:


    <IfModule mod_security2.c>
    SecRuleEngine On
    # The SecFilter* directives below are ModSecurity 1.x syntax and are not valid
    # in 2.x; the rule files included further down provide the same checks.
    # "Add the rules that will do exactly the same as the directives"
    # SecFilterCheckURLEncoding On
    # SecFilterForceByteRange 0 255
    # Write an audit entry only for requests that triggered a rule
    SecAuditEngine RelevantOnly
    SecAuditLog logs/modsec_audit.log
    SecDebugLog logs/modsec_debug_log
    SecDebugLogLevel 0
    # Default action for rules that set none: deny in phase 2, log, answer 406
    SecDefaultAction "phase:2,deny,log,status:406"
    # Never block requests from the local host (dots escaped so they match literally)
    SecRule REMOTE_ADDR "^127\.0\.0\.1$" "nolog,allow"
    # Replaces the Server header; only takes effect when ServerTokens is Full
    SecServerSignature "Rules Powered By HyperOIS.com"
    #First, add in your exclusion rules:
    #These MUST come first!
    Include /path/to/config/files/exclude.conf
    #Application protection rules
    Include /path/to/config/files/rules.conf
    #Just in Time Patches for Vulnerable Applications
    Include /path/to/config/files/jitp.conf
    #Comment spam rules
    Include /path/to/config/files/blacklist.conf
    #Bad hosts, bad proxies and other bad players
    Include /path/to/config/files/blacklist2.conf
    #Bad clients, known bogus useragents and other signs of malware
    Include /path/to/config/files/useragents.conf
    #Known bad software, rootkits and other malware
    Include /path/to/config/files/rootkits.conf
    #Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
    Include /path/to/config/files/apache2-rules.conf
    </IfModule>

  6. Replace "/path/to/config/files" with the directory where you unpacked the rules in step 3.
  7. Save your file: ":wq"
  8. Make sure there are no errors: "cd /etc/init.d/" "./httpd configtest"
  9. If everything is okay, restart Apache: "./httpd restart"
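The mistakes that are easiest to make when pasting the block above are leaving the "/path/to/config/files" placeholder in place, losing a closing quote on a directive line, and pointing an Include at a file that does not exist. The following pre-flight check, an added example that is not part of the original post or of the HyperOIS rule bundle, catches those before step 8's configtest (which remains the authority on whether Apache accepts the file). The function names check_modsec_conf and demo_check are this example's own; it needs only POSIX sh, grep and awk, and with no argument it runs against a constructed fragment that contains two of the mistakes.

```shell
#!/bin/sh
# Added example, not from the original post or the HyperOIS rule bundle.
# Pre-flight lint for a ModSecurity 2.x config fragment, to run before
# "./httpd configtest". It reports:
#   - the "/path/to/config/files" placeholder left unreplaced
#   - an odd number of double quotes on a directive line (unterminated string)
#   - an Include whose absolute target does not exist
#   - SecRuleEngine missing or not set to On
# Returns 0 when nothing was found, 1 when problems were reported,
# 2 when the file cannot be read.

check_modsec_conf() {
    conf="$1"
    problems=0

    if [ ! -r "$conf" ]; then
        echo "ERROR: cannot read $conf"
        return 2
    fi

    # 1. Placeholder paths copied verbatim from the example block.
    if grep -n '/path/to/config/files' "$conf"; then
        echo "ERROR: placeholder /path/to/config/files still present on the lines above"
        problems=$((problems + 1))
    fi

    # 2. Unterminated quotes. Comment lines are skipped; an odd count of
    #    double quotes on a directive line means Apache will refuse the file.
    bad_quotes=$(awk '/^[[:space:]]*#/ { next }
                      { line = $0; n = gsub(/"/, "", line); if (n % 2) print NR ": " $0 }' "$conf")
    if [ -n "$bad_quotes" ]; then
        echo "ERROR: odd number of double quotes (unterminated string?):"
        echo "$bad_quotes"
        problems=$((problems + 1))
    fi

    # 3. Include targets. Absolute paths are checked for existence; relative
    #    ones are resolved by Apache against ServerRoot, so only a note is given.
    #    Globs such as rules/*.conf are not expanded here.
    for f in $(awk '!/^[[:space:]]*#/ && $1 == "Include" { print $2 }' "$conf"); do
        case "$f" in
            /path/to/config/files/*) ;;   # already reported by check 1
            /*) if [ ! -r "$f" ]; then
                    echo "ERROR: Include target $f does not exist"
                    problems=$((problems + 1))
                fi ;;
            *)  echo "NOTE: relative Include $f is resolved against ServerRoot; not checked" ;;
        esac
    done

    # 4. The engine must actually be on, otherwise no rule blocks anything.
    if ! grep -Eqi '^[[:space:]]*SecRuleEngine[[:space:]]+On[[:space:]]*$' "$conf"; then
        echo "ERROR: SecRuleEngine is not set to On"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Constructed demonstration input: the example block pasted without editing
# the placeholder, plus an unterminated SecDefaultAction line.
# Returns the checker's exit status (1: two errors are expected).
demo_check() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
<IfModule mod_security2.c>
SecRuleEngine On
SecDefaultAction "phase:2,deny,log,status:406
Include /path/to/config/files/exclude.conf
</IfModule>
EOF
    check_modsec_conf "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: sh check_modsec.sh /etc/httpd/conf.d/mod_security.conf
# With no argument the constructed demonstration runs instead.
if [ $# -gt 0 ]; then
    check_modsec_conf "$1"
else
    demo_check || echo "demo: checker reported problems (exit status $?)"
fi
```

The check deliberately stops short of parsing ModSecurity rule syntax; it only guards against the copy-and-paste errors that make configtest fail or, worse, leave the engine off while the file still loads cleanly.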

You have just installed and configured mod_security! Congrats!

Hope this helps someone.