Go Back   TechArena Community > Software > Tips & Tweaks
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Thread Tools Search this Thread
Old 28-01-2011
Join Date: Jul 2010
Posts: 142
Installation and configuration of mod_security

Mod_security is a firewall application that presents itself as a module for the Apache Web server. Its role is to detect and protect the server against attacks of all kinds: SQL injection, cross-site scripting (XSS) ... Here's how to install and configure it for basic use.

Installation of mod_security

Mod_security to install a RPM based distribution (Red Hat, CentOS, Fedora ...), open a terminal and run the following command as root:
yum install mod_security
Or this one for a distribution based on Debian:
sudo apt-get install libapache2-mod-security2
Reply With Quote
Old 28-01-2011
Join Date: Jul 2010
Posts: 142
Re: Installation and configuration of mod_security

Basic configuration of mod_security

To establish the minimum distribution based on Debian, just copy the example file like this:
sudo cp / usr / share / doc / mod-security-common / examples / modsecurity.conf-minimal / etc/apache2/conf.d/mod-security.conf
For RPM based distribution (Red Hat, CentOS ...), the default configuration is already installed in the / etc / httpd / modsecurity.d. The next step will be setting up some basic options for the module to work properly. Here is a sample configuration to make the end of the file / etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf:
# Mod_security is activated for all sites
 It SecRuleEngine

 # Signature of Server
 SecServerSignature "Skynet"

 # Allow mod_security to analyze
 # Body of requests and responses
 It SecRequestBodyAccess
 SecResponseBodyAccess Off

 # Maximum size of the applications received (128k)
 SecRequestBodyLimit 131072

 # Store up to 128 KB in memory
 SecRequestBodyInMemoryLimit 131072

 # Maximum size of the requests for response (512k)
 SecResponseBodyLimit 524288

 # It indicates a directory or mod_security can store information
 SecDataDir "/ var / tmp / ModSecurity"

 # Managing logs
 # The three options are On, Off and RelevantOnly
 # Allows not to log the queries that generate an alert
 SecAuditEngine RelevantOnly
 # It specifies which status must be logged
 # Ex: ^ [45] log errors 4XX and 5XX Server
 SecAuditLogRelevantStatus ^ 5
 SecAuditLogParts ABIFHZ
 Serial SecAuditLogType
 SecAuditLog / var / log / httpd / ModSecurity-audit.log

 # Log debug Management
 SecDebugLog / var / log / httpd / ModSecurity-debug.log
 SecDebugLogLevel 0
Reply With Quote
Old 28-01-2011
Join Date: Jul 2010
Posts: 142
Re: Installation and configuration of mod_security

It then creates the directory that will contain information for Mod_security:
mkdir / var / tmp / ModSecurity
chown-R apache: apache / var / tmp / ModSecurity
And you restart Apache to take into account the changes:
/ Etc / init.d / httpd restart
And it scans the log files to detect possible problems:
tail-f / var / log / httpd / ModSecurity-audit.log
tail-f / var / log / httpd / error_log
For my part, I noticed that the logs in the message which came up often:
Request Missing a Host Header
Request Accept Header Missing year
Request Missing a User Agent Header
This happens when the client connects to the server uses headers misconfigured. This is not really a safety problem or, at least to be paranoid. So I turned off the layer that checks the headers like this:
cd / etc / httpd / modsecurity.d / base_rules /
mv modsecurity_crs_21_protocol_anomalies.conf \
I also disabled the rules that detect the bad robots. Because they block the requests made on site with wget or curl, or published many articles in favor of using these commands:
mv modsecurity_crs_35_bad_robots.conf \
Reply With Quote
Old 28-01-2011
Join Date: Jul 2010
Posts: 142
Re: Installation and configuration of mod_security

Disabling mod_security for a specific website

Using Mod_security had some side effects on Tux-planet. In fact, I had many problems with the admin interface of WordPress. The module had a tendency to block certain actions such as writing articles or amendments options ... Many sites provide exception rules to apply, for me they were not working. As I am the only one to access the management interface and that it is already protected by one. Htaccess, I chose to disable the security module for part of this site. Here is an example of configuring Apache to use to disable a Mod_security virtuahost:
# This disables mod_security for the admin of wordpress
 <LocationMatch "/wp-admin">
   <IfModule Mod_security2.c>
     SecRuleEngine Off
   </ IfModule>
 </ LocationMatch>

Security Test

I strongly discourages the establishment of Mod_security on a production server, not least because this kind of application firewall generates false positives. Here are some examples of tests that can be achieved. The following actions should be blocked for example:
  • enter 'OR 1 = 1 "in a search box
  • add "<script> xss </ script>" at the end of a URL of the site
  • add "/../../ etc / passwd "at the end of a URL of the site
Also consider legitimate test forms. For example, adding comments to a site based on WordPress, or adding a message on a forum should function normally.
Reply With Quote

  TechArena Community > Software > Tips & Tweaks
Tags: , , , , , , , ,

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads for: "Installation and configuration of mod_security"
Thread Thread Starter Forum Replies Last Post
Working with Android : Part 1 -Installation and Configuration thomas6188 Guides & Tutorials 1 29-12-2010 06:34 PM
How to add mod_security to centos 5 via easyapache Tionontati Software Development 6 19-06-2010 12:30 AM
What is the best configuration for a fresh Windows 7 installation?? Servant Operating Systems 5 16-12-2009 04:19 PM
PHP (Hypertext Preprocessor): Installation and Configuration - Manual Pyrotechnic Guides & Tutorials 5 24-03-2009 10:45 PM
MTNL Triband Installation and Configuration Procedure Users Guides & Tutorials 6 19-02-2009 11:38 AM

All times are GMT +5.5. The time now is 07:10 PM.