First, let me explain, to the best of my knowledge, what mod_security is.

Mod_Security is an open source intrusion detection and prevention engine for web applications; you can also call it a web application firewall. It operates as an Apache web server module. The current stable version is 1.9.4. The purpose of ModSecurity is to increase web application security, protecting web applications from unknown attacks.

Now, let's go through the installation.

1. Log in to the server with the root password.

2. Download the latest version of mod_security.

wget www.modsecurity.org/download/mod_security-1.7.4.tar.gz

3. Untar the file.

tar zxvf mod_security-1.7.4.tar.gz

4. Now, cd mod_security-1.7.4/

5. Now check which Apache version is installed on the server and change into the matching directory.

APACHE 1.3.x users
cd apache1/
APACHE 2.x users
cd apache2/

6. Compile the module.

/usr/local/apache/bin/apxs -cia mod_security.c

7. Edit the Apache config file now; take a backup of the file first as a precaution.

vi /usr/local/apache/conf/httpd.conf

Now add or check the following directives there:

# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature " "

# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On

# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# Only allow bytes from this range
SecFilterForceByteRange 1 255

# The audit engine works independently and
# can be turned On or Off on a per-server or
# per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:500"

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Prevent path traversal (..) attacks
SecFilter "\.\./"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

8. Last but not least, restart Apache.

You are done with the installation.
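
To see what the filters from step 7 will reject before they go live, here is an added example (not part of the original post and not ModSecurity code): a simplified Python model of a subset of those rules, run over constructed requests. The request field names, the sample values and the way a plain SecFilter is modelled (URI plus POST body) are assumptions; URL decoding and case handling are not modelled.

```python
import re

# (variables, pattern) pairs taken from the configuration in step 7. "ANY" marks
# a plain SecFilter, modelled here as scanning the URI and the POST body.
# POSIX [[:space:]] is written \s because Python's re lacks POSIX classes, and
# the dots of the traversal pattern are escaped so they match literally.
RULES = [
    ("ANY", r"\.\./"),
    ("ANY", r"delete\s+from"),
    ("ANY", r"insert\s+into"),
    ("ANY", r"select.+from"),
    ("HTTP_USER_AGENT|HTTP_HOST", r"^$"),
    ("ARG_PHPSESSID", r"!^[0-9a-z]*$"),
    ("COOKIE_PHPSESSID", r"!^[0-9a-z]*$"),
]


def matched_rules(request):
    """Return the patterns that would trigger the default action (deny)."""
    hits = []
    for variables, pattern in RULES:
        names = ["uri", "body"] if variables == "ANY" else variables.split("|")
        inverted = pattern.startswith("!")      # "!" means "does not match"
        regex = re.compile(pattern.lstrip("!"))
        for name in names:
            value = request.get(name, "")       # absent variable -> empty string
            if bool(regex.search(value)) != inverted:
                hits.append(pattern)
                break
    return hits


# Constructed sample requests (hypothetical field names and values).
BASE = {"uri": "/index.php?page=home", "HTTP_USER_AGENT": "Mozilla/5.0",
        "HTTP_HOST": "www.example.com"}
SAMPLES = {
    "normal": BASE,
    "traversal": {**BASE, "uri": "/view.php?file=../notes.txt"},
    "no_user_agent": {"uri": "/", "HTTP_HOST": "www.example.com"},
    "bad_session_cookie": {**BASE, "COOKIE_PHPSESSID": "abc123<b>"},
    # Harmless text that the crude SQL filter still rejects (false positive).
    "false_positive": {**BASE, "body": "msg=please select a colour from the list"},
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label:20} -> {matched_rules(req) or 'allowed'}")
```

The false_positive sample shows why the SQL filters are labelled "very crude": ordinary form text containing "select ... from" is denied with status 500, so check the audit log for such hits after enabling the rules.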