2025-02-24 Update From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/02 Report
ModSecurity is a powerful request filtering tool (a web application firewall) that examines every request entering the web server. It compares each request against its internal rules and determines whether the request should be blocked or passed on to the web server.
1. Download
Modsecurity-apache: http://sourceforge.net/projects/mod-security/files/modsecurity-apache/
Modsecurity-crs: http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/
2. Installation
1) Enable the mod_unique_id module
2) Verify that the server has the latest version of the libxml2 library installed
3) Stop Apache httpd
4) Unpack the archives
gzip -d modsecurity-apache_2.6.3.tar.gz
tar xvf modsecurity-apache_2.6.3.tar
gzip -d modsecurity-core-rules_2.6.tar.gz
tar xvf modsecurity-core-rules_2.6.tar
5) Configure
./configure
6) Compile and test ModSecurity
make
make test
7) Install
make install
Edit httpd.conf to enable ModSecurity by adding the following lines:
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
8) Restart Apache
Now that ModSecurity is installed, you can consult the configuration directive reference: http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual
Install Apache2+ModSecurity on Ubuntu and customize WAF rules
Although the VPS uses a cloud WAF feature, I am still a little worried. For double insurance, I decided to use modsecurity to customize the rules. The following describes how to configure ModSecurity protection for Apache servers (modsecurity also supports Nginx and IIS).
This time, I chose to use the package manager to install, because every time I use the source package installation, my hairstyle will be messed up by weird library dependency errors.
Installation environment:
OS: Ubuntu 14.04.1 LTS
Apache: Apache/2.4.7 (Ubuntu)
Step 1: install apache
I suggest installing Apache with apt-get, which spares you most of the library dependency work. If you don't mind the trouble, you can also install it from source.
Enter:
apt-get install apache2
If you are told that this package is not available, update the package index first:
apt-get update
After this step, Apache can serve requests. Visit 127.0.0.1 to see the local website.
Step 2: install modsecurity
This works the same way as above, using:
apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev libapache2-modsecurity
After installing it, you can check the version number of your modsecurity with:
dpkg -s libapache2-modsecurity | grep Version
Step 3: configure modsecurity
service apache2 reload
After the command takes effect, the modsecurity log file modsec_audit.log is created in the /var/log/apache2/ directory.
Use the modsecurity core rule set
Put the rule sets we want to use in the following directory:
cd /usr/share/modsecurity-crs/activated_rules/
Enable the base rule set:
for f in $(ls ../base_rules/); do ln -s ../base_rules/$f; done
Modify the Apache module configuration to enable the rule set
Note: the configuration files differ somewhat between modsecurity version 2.7 and version 2.6
(1) version 2.7
vim /etc/apache2/mods-available/security2.conf
Modify:
# Default Debian dir for modsecurity's persistent data
SecDataDir /var/cache/modsecurity
# Include all the *.conf files in /etc/modsecurity.
# Keeping your local configuration in that directory
# will allow for an easy upgrade of THIS file and
# make your life easier
IncludeOptional /etc/modsecurity/*.conf
IncludeOptional /usr/share/modsecurity-crs/*.conf
IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf
(2) version 2.6
vim /etc/apache2/mods-available/mod-security.conf
Modify:
Include /etc/modsecurity/*.conf
Include /usr/share/modsecurity-crs/*.conf
Include /usr/share/modsecurity-crs/activated_rules/*.conf
Step 4: enable the modsecurity module
a2enmod headers
a2enmod security2 (version 2.6: a2enmod mod-security)
service apache2 restart
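A pre-flight check for the setup built in steps 3 and 4, as an added example that is not part of the original article: it reports the effective SecRuleEngine mode and whether the activated_rules symlinks resolve, because a request is only answered with 403 when the engine is On (DetectionOnly only logs, and an unset engine defaults to Off). The function names and the temporary sample tree are constructed for illustration; the default paths are the ones used above.

```shell
# Added example, not from the original article: can this setup block requests?

# Last SecRuleEngine value in DIR/*.conf, read in alphabetical order as the
# wildcard Include does; prints "unset" if no file sets it.
effective_engine() {
    mode=unset
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        v=$(awk '$1 == "SecRuleEngine" { m = $2 } END { print m }' "$f")
        if [ -n "$v" ]; then mode=$v; fi
    done
    echo "$mode"
}

# Rule files in activated_rules that resolve to a real file.
active_rule_files() {
    n=0
    for f in "$1"/*.conf; do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Symlinks whose target is missing (e.g. ln -s run from the wrong directory).
dangling_links() {
    n=0
    for f in "$1"/*; do
        if [ -L "$f" ] && [ ! -e "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Succeeds only if the engine is On, rules are linked, and no link dangles.
modsec_check() {
    engine=$(effective_engine "${1:-/etc/modsecurity}")
    rules=${2:-/usr/share/modsecurity-crs/activated_rules}
    active=$(active_rule_files "$rules"); dangling=$(dangling_links "$rules")
    echo "SecRuleEngine=$engine rules=$active dangling=$dangling"
    [ "$engine" = On ] && [ "$active" -gt 0 ] && [ "$dangling" -eq 0 ]
}

# Constructed sample tree (not real system files) so the check runs anywhere.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/crs/base_rules" "$demo/crs/activated_rules"
echo 'SecRuleEngine DetectionOnly' > "$demo/etc/modsecurity.conf"
echo '# constructed rule file' > "$demo/crs/base_rules/sample.conf"
ln -s ../base_rules/sample.conf "$demo/crs/activated_rules/sample.conf"
ln -s base_rules/sample.conf "$demo/crs/activated_rules/broken.conf"
modsec_check "$demo/etc" "$demo/crs/activated_rules" || echo "would not block"
```

On a real host, call modsec_check with no arguments to use the default paths.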
Step 5: test with a real attack payload
See whether it is intercepted.
http://www.tanjiti.com/?case=archive&act=orders&aid[typeid`%3D1%20and%20ord(mid((select/**/concat(username,0x3a,password)%20from%20cmseasy_user),1,1))%3C49%23]=1
We found that the request was intercepted with a 403.
You can check the modsecurity log file to see the details of the interception.
tail /var/log/apache2/modsec_audit.log
Message: Access denied with code 403 (phase 2). Pattern match "(/\\*!?|\\*/|[';]--|--[\\s\\r\\n\\v\\f]|(?)|([^\-]*?)#.*?[\\s\\r\n\v\\f]|?\x00)" at ARGS_NAMES:aid[typeid`=1 and ord(mid((select/**/concat(username,0x3a,password) from cmseasy_user),1,1))
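To triage more than the tail of the log, this added example (not part of the original article) walks a serial-format modsec_audit.log and lists only the transactions that were denied, skipping detection-only warnings. It assumes audit log parts A, B and H are enabled; the function name, sample entries, IP addresses and rule ids are constructed.

```shell
# Added example, not from the original article. Prints one line per request
# that ModSecurity denied: client_ip|status|rule_id|request_line
denied_requests() {
    awk '
    /^--[0-9a-fA-F]+-[A-Z]--$/ {          # section boundary, e.g. --a1b2c3d4-H--
        sec = substr($0, length($0) - 2, 1)
        first = 1
        next
    }
    sec == "A" && first { ip = $4; req = ""; first = 0 }  # [time zone] id src_ip ...
    sec == "B" && first { req = $0; first = 0 }           # request line
    sec == "H" && /^Message: Access denied with code [0-9]+/ {
        id = "-"
        if (match($0, /\[id "[^"]*"\]/))
            id = substr($0, RSTART + 5, RLENGTH - 7)
        print ip "|" $6 "|" id "|" req
    }' "$1"
}

# Constructed sample log (documentation IPs, placeholder rule ids).
sample=$(mktemp)
cat > "$sample" <<'EOF'
--a1b2c3d4-A--
[24/Feb/2025:10:15:02 +0000] SAMPLEUNIQUEID0001 203.0.113.7 51234 192.0.2.10 80
--a1b2c3d4-B--
GET /?case=archive&act=orders&aid[x]=1 HTTP/1.1
Host: www.example.test

--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). Pattern match "..." at ARGS_NAMES:aid[x]. [id "999001"] [msg "constructed"]
--a1b2c3d4-Z--

--e5f6a7b8-A--
[24/Feb/2025:10:16:40 +0000] SAMPLEUNIQUEID0002 198.51.100.9 40022 192.0.2.10 80
--e5f6a7b8-B--
GET /index.html?q=1 HTTP/1.1

--e5f6a7b8-H--
Message: Warning. Pattern match "..." at ARGS:q. [id "999002"] [msg "constructed"]
--e5f6a7b8-Z--
EOF
denied_requests "$sample"
```

On a real host, pass /var/log/apache2/modsec_audit.log instead of the sample file.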