Next, create the directory that will hold Mod_security's data:
mkdir /var/tmp/ModSecurity
chown -R apache:apache /var/tmp/ModSecurity
Then restart Apache so that the changes take effect:
/etc/init.d/httpd restart
And watch the log files to detect possible problems:
tail -f /var/log/httpd/ModSecurity-audit.log
tail -f /var/log/httpd/error_log
For my part, I noticed that these messages came up often in the logs:
Request Missing a Host Header
Request Missing an Accept Header
Request Missing a User Agent Header
...
This happens when the client connecting to the server sends misconfigured headers. It is not really a security problem, unless you are being paranoid. So I turned off the layer that checks the headers, like this:
cd /etc/httpd/modsecurity.d/base_rules/
mv modsecurity_crs_21_protocol_anomalies.conf \
modsecurity_crs_21_protocol_anomalies.conf.disable
I also disabled the rules that detect bad robots, because they block requests made to the site with wget or curl, and I have published many articles in favor of using these commands:
mv modsecurity_crs_35_bad_robots.conf \
modsecurity_crs_35_bad_robots.conf.disable
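To see how often each message fires, and from which rule file, before renaming anything, the error_log can be tallied. This is an added example, not part of the original article: the function names and the sample log lines are constructed, and it assumes each ModSecurity entry carries the [file "..."] and [msg "..."] fields.

```shell
#!/bin/sh
# Added example: count ModSecurity alerts per rule file and message.

# Constructed sample of error_log lines (shortened, not real traffic).
modsec_sample_log() {
    cat <<'EOF'
[Mon Mar 01 10:00:01 2010] [error] [client 192.0.2.10] ModSecurity: Warning. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [msg "Request Missing a Host Header"] [severity "NOTICE"]
[Mon Mar 01 10:00:02 2010] [error] [client 192.0.2.11] ModSecurity: Warning. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [msg "Request Missing a Host Header"] [severity "NOTICE"]
[Mon Mar 01 10:00:03 2010] [error] [client 192.0.2.11] ModSecurity: Warning. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [msg "Request Missing an Accept Header"] [severity "NOTICE"]
[Mon Mar 01 10:00:04 2010] [error] [client 192.0.2.12] ModSecurity: Warning. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [msg "Request Missing a User Agent Header"] [severity "NOTICE"]
[Mon Mar 01 10:00:05 2010] [error] [client 192.0.2.13] ModSecurity: Access denied with code 403. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_35_bad_robots.conf"] [msg "Constructed bad-robot alert"] [severity "WARNING"]
[Mon Mar 01 10:00:06 2010] [error] [client 192.0.2.14] File does not exist: /var/www/html/favicon.ico
EOF
}

# modsec_tally FILE
# Prints "COUNT<TAB>RULE_FILE<TAB>MESSAGE", most frequent first.
# Lines that are not ModSecurity entries are ignored.
modsec_tally() {
    awk '
        /ModSecurity:/ {
            file = ""; msg = ""
            if (match($0, /\[file "[^"]*"\]/)) {
                file = substr($0, RSTART + 7, RLENGTH - 9)
                sub(/.*\//, "", file)      # keep only the rule file name
            }
            if (match($0, /\[msg "[^"]*"\]/))
                msg = substr($0, RSTART + 6, RLENGTH - 8)
            if (file != "" && msg != "")
                count[file "\t" msg]++
        }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' "$1" | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2
}

# Demo on the constructed sample; on a server, pass /var/log/httpd/error_log.
tmp=$(mktemp) && modsec_sample_log > "$tmp" && modsec_tally "$tmp"
rm -f "$tmp"
```

A rule file whose messages dominate the tally while coming from many ordinary clients is a candidate for tuning; one that fires rarely is cheaper to leave enabled.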