Thursday 31 January 2013

How to install mod_security

The mod_evasive and mod_security modules are used to secure the Apache web server against DDoS and brute-force attacks by implementing a web application firewall. For the mod_evasive installation procedure, see the mod_evasive howto article.

mod_security is an open source web application firewall that runs within the Apache web server, and protects against HTTP DDoS attacks. mod_security supports both Apache 1.3.x and 2.0.x branches.

1. Download and compile the latest stable copy of mod_security from modsecurity.org. In our exercise below, we used modsecurity-apache_1.9.4.tar.gz (Apache 1.3.x) and modsecurity-apache_2.0.4.tar.gz (Apache 2.0.x).


bash# wget http://www.modsecurity.org/download/modsecurity-apache_1.9.4.tar.gz
bash# tar xfz modsecurity-apache_1.9.4.tar.gz
bash# cd modsecurity-apache_1.9.4

# Find the location of the Apache Extension (apxs) binary, then run the following.
bash# type apxs
# OR
bash# find / -type f -name apxs -print
bash# $APACHE_ROOT/apxs -cia mod_security.c


2. Edit the httpd.conf (Apache configuration) file. Use your favorite text editor such as vi, pico or nano. Add or modify the following IfModule configuration options. For complete configuration options, consult mod_security documentation.


<IfModule mod_security.c>
# Turn the filtering engine On/Off
SecFilterEngine On

# Modify your Server Signature, or turn it off by setting it to empty string.
SecServerSignature ""

# Enforce URL encoding validation
SecFilterCheckURLEncoding On

# Unicode Encoding Validation
SecFilterCheckUnicodeEncoding Off

# Byte range
SecFilterForceByteRange 1 255

# The audit engine can be turned On or Off on a per-server or
# per-directory basis. "On" will log everything, "DynamicOrRelevant"
# will only log dynamic requests or violations, and "RelevantOnly"
# will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog /var/log/httpd/modsecurity_audit_log

# Whether the mod_security should inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:500"

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Prevent path traversal (..) attacks
SecFilter "\.\./"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
</IfModule>


3. Restart Apache


bash# service httpd restart
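
The script below is an added example, not part of the original article: it dry-runs the SecFilter patterns from step 2 against constructed sample strings so you can see what they would block before relying on the deny action. It assumes case-insensitive grep -E is a fair stand-in for the module's matcher (no URL decoding is reproduced); the function names matches and matching_rules and the sample strings are made up for illustration.

```shell
#!/bin/sh
# Added example: dry-run SecFilter-style patterns against sample strings.
# Assumption: case-insensitive grep -E stands in for mod_security's matcher;
# it does not reproduce the URL decoding the module performs.

# name|pattern pairs based on step 2 (traversal pattern with its dots escaped).
RULES='traversal|\.\./
script_tag|<[[:space:]]*script
sql_delete|delete[[:space:]]+from
sql_insert|insert[[:space:]]+into
sql_select|select.+from'

# matches PATTERN STRING: succeed if the pattern matches the string.
matches() {
    printf '%s\n' "$2" | grep -Eiq -e "$1"
}

# Print the names of every rule that matches the string, or "none".
matching_rules() {
    hits=""
    while IFS='|' read -r name pattern; do
        if matches "$pattern" "$1"; then
            hits="${hits:+$hits }$name"
        fi
    done <<EOF
$RULES
EOF
    printf '%s\n' "${hits:-none}"
}

# Constructed sample inputs (not taken from any real log).
for sample in \
    '/images/logo.png' \
    '/view?page=../../notes.txt' \
    'comment=please select a colour from the list'
do
    printf '%-46s -> %s\n' "$sample" "$(matching_rules "$sample")"
done

# Without the backslashes, "../" means "any two characters, then a slash".
if matches '../' '/images/logo.png'; then
    echo 'unescaped "../" also matches /images/logo.png'
fi
```

The harmless comment text trips the select.+from rule, which is the kind of false positive the "very crude" SQL filters produce. With SecFilterDefaultAction set to "deny,log,status:500", such a request would be rejected.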
