Installation, enabling and configuration of ModSecurity under Apache

2025-02-24 Update From: SLTechnology News&Howtos


ModSecurity is a powerful request filtering tool that examines every request entering the web server. It checks each request against its rules and decides whether the request should be blocked or passed on to the web server.

1. Download

Modsecurity-apache: http://sourceforge.net/projects/mod-security/files/modsecurity-apache/

Modsecurity-crs: http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/

2. Installation

1) Enable the mod_unique_id module

2) Verify that the latest version of the libxml2 library is installed on the server

3) Stop Apache httpd

4) Unpack the archives

gzip -d modsecurity-apache_2.6.3.tar.gz

tar xvf modsecurity-apache_2.6.3.tar

gzip -d modsecurity-core-rules_2.6.tar.gz

tar xvf modsecurity-core-rules_2.6.tar

5) Configure

./configure

6) Compile and test ModSecurity

make

make test

7) Install

make install

Edit httpd.conf to enable ModSecurity by adding:

LoadFile /usr/lib/libxml2.so

LoadModule security2_module modules/mod_security2.so

8) Restart Apache

Now that ModSecurity is installed, you can consult the configuration directive reference: http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual

Install Apache2+ModSecurity on ubuntu and customize WAF rules

Although my VPS already uses a cloud WAF, I was still a little worried. As double insurance, I decided to use ModSecurity with customized rules. The following describes how to configure ModSecurity to protect an Apache server (ModSecurity also supports Nginx and IIS).

This time I chose to install with the package manager, because every time I install from the source package, my hairstyle gets messed up by weird library dependency errors.

Installation environment:

OS: Ubuntu 14.04.1 LTS

Apache: Apache/2.4.7 (Ubuntu)

Step 1: install apache

I suggest installing Apache with apt-get, so that you have far fewer library dependencies to deal with! If you don't mind the trouble, you can install it from source.

Enter:

apt-get install apache2

If you are told that the package is not available, update the package list:

apt-get update

Once this step is done, Apache is serving requests. Visit 127.0.0.1 in a browser to see the local website.

Step 2: install modsecurity

As above, install with apt-get:

apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev libapache2-modsecurity

After installation, you can check the version of ModSecurity with:

dpkg -s libapache2-modsecurity | grep Version

Step 3: configure modsecurity

service apache2 reload

After the command takes effect, the ModSecurity log file modsec_audit.log is created in the /var/log/apache2/ directory.

Use the modsecurity core rule set

Put the rule sets you want to use in the following directory:

cd /usr/share/modsecurity-crs/activated_rules/

Enable the base rule set by linking its files into that directory:

for f in $(ls ../base_rules/); do ln -s ../base_rules/$f; done

Modify the apache module configuration to enable the rule set

Note: there are some differences between modsecurity version 2.7 and version 2.6 configuration files

(1) version 2.7

vim /etc/apache2/mods-available/security2.conf

Modify:

# Default Debian dir for modsecurity's persistent data

SecDataDir /var/cache/modsecurity

# Include all the *.conf files in /etc/modsecurity.

# Keeping your local configuration in that directory

# will allow for an easy upgrade of THIS file and

# make your life easier

IncludeOptional /etc/modsecurity/*.conf

IncludeOptional /usr/share/modsecurity-crs/*.conf

IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf

(2) version 2.6

vim /etc/apache2/mods-available/mod-security.conf

Modify:

Include /etc/modsecurity/*.conf

Include /usr/share/modsecurity-crs/*.conf

Include /usr/share/modsecurity-crs/activated_rules/*.conf

Step 4: enable the modsecurity module

a2enmod headers

a2enmod security2 (version 2.6: a2enmod mod-security)

service apache2 restart
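A quick check of the setup built in steps 3 and 4, as an added example that is not part of the original article: it reports the effective SecRuleEngine mode and how many activated rule files actually resolve. The function names are hypothetical helpers, and the check assumes SecRuleEngine is set in one of the files under /etc/modsecurity, the directory pulled in by the Include lines above.

```shell
# Added example: sanity-check a ModSecurity + CRS setup like the one above.
# Default paths are the ones used in this article; pass others as arguments.

# Print the last SecRuleEngine value in <conf_dir>/*.conf (files are read in
# glob order, later directives win), or "unset" if the directive is absent.
modsec_engine_mode() {
    local mode
    mode=$(cat "$1"/*.conf 2>/dev/null |
        awk 'tolower($1) == "secruleengine" { m = $2 } END { print m }')
    echo "${mode:-unset}"
}

# Count *.conf entries in the activated_rules directory that resolve to a
# real file; report dangling symlinks on stderr.
modsec_active_rules() {
    local n=0 f
    for f in "$1"/*.conf; do
        if [ -f "$f" ]; then
            n=$((n + 1))
        elif [ -L "$f" ]; then
            echo "dangling symlink: $f" >&2
        fi
    done
    echo "$n"
}

# Succeeds only when the engine is enforcing and at least one rule is active.
modsec_check() {
    local mode rules
    mode=$(modsec_engine_mode "${1:-/etc/modsecurity}")
    rules=$(modsec_active_rules "${2:-/usr/share/modsecurity-crs/activated_rules}")
    echo "SecRuleEngine=$mode activated_rules=$rules"
    # "DetectionOnly" logs matches but never blocks; only "On" can return 403.
    case "$mode" in
        [Oo][Nn]) [ "$rules" -gt 0 ] ;;
        *) return 1 ;;
    esac
}
```

Run modsec_check with no arguments on the server; a non-zero exit status means a matching request would be logged at most, not blocked.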

Step 5: test with a real attack payload

See whether the request is intercepted.

http://www.tanjiti.com/?case=archive&act=orders&aid[typeid`%3D1%20and%20ord(mid((select/**/concat(username,0x3a,password)%20from%20cmseasy_user),1,1))%3C49%23]=1

The request was intercepted with a 403 response.

You can check the ModSecurity log file to see the details of the interception:

tail /var/log/apache2/modsec_audit.log

Message: Access denied with code 403 (phase 2). Pattern match "(/\\ *!? |\\ * / | [& # 039 *;]-- |-- [\\ s\\ r\\ n\\ v\\ f] | (?) | ([^\ -] *?) #. *? [\\ s\\ r\ n\ v\\ f] | ?\ x00)" at ARGS_NAMES:aid[typeid`=1 and ord(mid((select/**/concat(username,0x3a,password) from cmseasy_user),1,1))
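Reading the audit log with tail gets unwieldy once there are many entries. The following added example (not from the original article) walks the serial audit log format and prints one line per blocked transaction. The function names are hypothetical, and the embedded sample log is constructed, including its addresses, transaction ids and rule ids.

```shell
# Added example: list requests that ModSecurity blocked, read from a
# serial-format audit log such as /var/log/apache2/modsec_audit.log.
# Output per blocked transaction: client IP, rule id(s), request (tab-separated).
modsec_blocked() {
    awk '
    /^--[0-9A-Za-z]+-[A-Z]--$/ {          # section boundary --<txid>-<part>--
        part = substr($0, length($0) - 2, 1)
        if (part == "A") { ip = req = ids = ""; hit = 0 }
        if (part == "Z" && hit) print ip "\t" ids "\t" req
        first = 1
        next
    }
    part == "A" && first { ip = $4; first = 0 }          # [date tz] id src-ip
    part == "B" && first { req = $1 " " $2; first = 0 }  # request line
    part == "H" && /^Message: Access denied/ {           # disruptive action taken
        hit = 1
        if (match($0, /\[id "[0-9]+"\]/))
            ids = ids (ids == "" ? "" : ",") substr($0, RSTART + 5, RLENGTH - 7)
    }
    ' "${1:--}"    # read the named file, or stdin when no argument is given
}

# Constructed sample log: addresses, transaction ids and rule id are made up.
sample_audit_log() {
    cat <<'EOF'
--1a2b3c4d-A--
[24/Feb/2015:10:00:01 +0800] VOxAAAAAAAAAAAAAAAAAAAAA 203.0.113.5 51234 192.0.2.10 80
--1a2b3c4d-B--
GET /item?id=1-- HTTP/1.1

--1a2b3c4d-F--
HTTP/1.1 403 Forbidden

--1a2b3c4d-H--
Message: Access denied with code 403 (phase 2). Pattern match "--" at ARGS:id. [id "999001"] [msg "constructed sample rule"]
Action: Intercepted (phase 2)

--1a2b3c4d-Z--

--5e6f7a8b-A--
[24/Feb/2015:10:00:02 +0800] VOxBBBBBBBBBBBBBBBBBBBBB 198.51.100.7 40000 192.0.2.10 80
--5e6f7a8b-B--
GET /search?q=x HTTP/1.1

--5e6f7a8b-H--
Message: Warning. Pattern match "x" at ARGS:q. [id "999002"]

--5e6f7a8b-Z--
EOF
}
```

Try it with sample_audit_log | modsec_blocked, then point it at the real log file. The second sample transaction only carries a "Warning" message, so it is not reported as blocked.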
