Tweet
Install or Update to version 1.9.3 all same
Hello,
Open Source Web Application Firewall
ModSecurity at work
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Apache 1.x
Code:
Apache 2.x
Code:
edit httpd.conf
Code:
find mod_security then past this after
Code:
Search for ‘AddModule’ string, and make sure that AddModule mod_security.c
Do a safe apache restart
Code:
if you want update mini rules
Code:
If you use APF with big black list your server load gone higher then normal, use KISS and you will see stable & normal load
Hello,
Open Source Web Application Firewall
ModSecurity at work
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Apache 1.x
Code:
Code:
wget [url]http://www.web4host.net/tools/modsecurity-apache1.sh[/url] chmod 755 modsecurity-apache1.sh sh modsecurity-apache1.sh
Code:
Code:
wget [url]http://www.web4host.net/tools/modsecurity-apache2.sh[/url] chmod 755 modsecurity-apache2.sh sh modsecurity-apache2.sh
Code:
Code:
nano -w /etc/httpd/conf/httpd.conf
Code:
Code:
<IfModule mod_security.c> # Only inspect dynamic requests # (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED) #SecFilterEngine DynamicOnly SecFilterEngine On # Reject requests with status 500 SecFilterDefaultAction "deny,log,status:500" # Some sane defaults SecFilterScanPOST On SecFilterCheckURLEncoding On SecFilterCheckCookieFormat On SecFilterCheckUnicodeEncoding Off SecFilterNormalizeCookies On # enable version 1 (RFC 2965) cookies SecFilterCookieFormat 1 SecServerResponseToken Off #If you want to scan the output, uncomment these #SecFilterScanOutput On #SecFilterOutputMimeTypes "(null) text/html text/plain" # Accept almost all byte values SecFilterForceByteRange 1 255 # Server masking is optional #fake server banner - NOYB used - no one needs to know what we are using SecServerSignature "Power MOD by web4host.net" #SecUploadDir /tmp #SecUploadKeepFiles Off # Only record the interesting stuff SecAuditEngine RelevantOnly SecAuditLog logs/audit_log # You normally won't need debug logging SecFilterDebugLevel 0 SecFilterDebugLog logs/modsec_debug_log #Use one rules - Remove # to active Rules # V1.0 #Include /etc/modsecurity/mini1.conf # V2.0 #Include /etc/modsecurity/mini2.conf # V3.0 #Include /etc/modsecurity/mini3.conf # V4.0 #Include /etc/modsecurity/mini.conf # V5.0 #Include /etc/modsecurity/mini.conf </IfModule>
Do a safe apache restart
Code:
Code:
/sbin/service httpd restartRemove # to active Rules (V1.0=low load / V5.0=more load)
Code:
Code:
wget [url]http://www.web4host.net/tools/modsecurity-rule.sh[/url] chmod 755 modsecurity-rule.sh ./modsecurity-rule.sh
