Hosting Talk | Web Hosting talk India

#1, 06-22-2012, 12:00 PM, bullten
Installing Mod_Security to Protect Server from Different Attacks

What is Mod_Security?

ModSecurity is an embeddable web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure.

It is an open source project that aims to make the web application firewall technology available to everyone.

Features:-

Quote:
Detect requests by malicious automated programs such as robots, crawlers and security scanners
Protects against SQL injection and Blind SQL injection.
Blocks Cross Site Scripting (XSS).
OS Command Injection and remote command access.
File name injection.
ColdFusion, PHP and ASP injection.
E-Mail Injection
HTTP Response Splitting.
Universal PDF XSS.
Trojans & Backdoors Detection

How To Install:-

1. Log in to your server as the root user.

2. Now download the latest version of mod_security with the following command:

Code:
wget http://www.modsecurity.org/download/modsecurity-apache_2.6.2.tar.gz

3. Next we unzip the archive and navigate into the directory:

Quote:
tar zxvf modsecurity-apache_2.6.2.tar.gz
cd modsecurity-apache_2.6.2/

4. Now you need to determine which version of Apache you use:

APACHE 1.3.x users

Code:
cd apache1/

APACHE 2.x users

Code:
cd apache2/

5. Let's compile the module now:

Code:
/usr/local/apache/bin/apxs -cia mod_security.c

6. OK, now it's time to edit the httpd.conf file.

But first we will make a backup, just in case something goes wrong (“PRECAUTION” is better than “CURE”). Also get the assistance of senior admins if you are not confident setting the various parameters for the server.

Code:
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup

7. Now that we have backed it all up, we can edit httpd.conf. Replace pico with nano, depending on what you have, with the command below

Code:
ln -s /usr/bin/nano /usr/bin/pico

so that you can edit the file with pico.
Or else you can go with the vi editor:

Code:
vi /usr/local/apache/conf/httpd.conf

8. Let's look for something in the config. Do this by holding Control and pressing W, and you are going to search for

(although any of the IfModules would work fine)

9. Now add this

Quote:
# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature " "

# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On

# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# Only allow bytes from this range
SecFilterForceByteRange 1 255

# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:500"

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Prevent path traversal (..) attacks
SecFilter "\.\./"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

10. Save the file.
Needless to say, for pico that is Ctrl + X then Y, and for vi it is “Esc” then :wq!

11. Restart Apache.

Quote:
/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start

Additionally you can get mod_security rules here:-

Code:
http://www.gotroot.com/downloads/ftp/mod_security/rules.conf

Article Source: Installing Mod_Security

Last edited by bullten; 06-22-2012 at 12:04 PM.
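
The SecFilter patterns in the configuration above can be exercised offline before they go into httpd.conf. The following is an added example, not part of the original post: it models SecFilter as a case-insensitive regex search over the URL-decoded request URI and POST body (a simplification of what ModSecurity does), and compares the path traversal pattern with and without escaped dots. The function name `matching_filters` and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# SecFilter patterns from the post. [[:space:]] is written as \s because
# Python's re module has no POSIX character classes.
FILTERS = {
    "traversal_unescaped": r"../",      # dots left as regex wildcards
    "traversal_escaped": r"\.\./",      # dots escaped, matches a literal ../
    "xss_script": r"<\s*script",
    "xss_any_tag": r"<(.|\n)+>",
    "sql_delete": r"delete\s+from",
    "sql_insert": r"insert\s+into",
    "sql_select": r"select.+from",
}
# Assumption: matching is modelled as a case-insensitive search.
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in FILTERS.items()}


def matching_filters(request_uri, post_body=""):
    """Return the sorted names of filters that hit the decoded URI or POST body."""
    fields = [unquote_plus(request_uri), unquote_plus(post_body)]
    return sorted(
        name for name, rx in COMPILED.items()
        if any(rx.search(field) for field in fields)
    )


# Constructed sample requests: (description, request URI, POST body).
SAMPLES = [
    ("benign page view", "/forum/index.php?page=2", ""),
    ("encoded traversal", "/download.php?file=..%2F..%2Fconf%2Fapp.ini", ""),
    ("benign comment with HTML", "/post.php",
     "comment=Please+%3Cb%3Eselect%3C%2Fb%3E+one+from+the+list"),
]

if __name__ == "__main__":
    for description, uri, body in SAMPLES:
        print(f"{description:26} -> {matching_filters(uri, body)}")
```

With the default action `deny,log,status:500`, every name returned stands for a rejected request, so the first and third samples show legitimate traffic being blocked by the unescaped traversal pattern, the any-tag XSS filter and the `select.+from` filter.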
#2, 09-22-2012, 11:13 AM, Max-PH

I also recommend installing this: http://www.configserver.com/cp/cmc.html