mod_security 是 Apache的一個模組,可以提供入侵偵測及防禦,它就如同是web應用程式的防火牆可以用來抵擋知名及不知名的攻擊如 SQL injection attacks, cross-site scripting, path traversal attacks。
quote: http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/html-multipage/introduction.html
ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out over the web application level, organisations need all the help they can get in making their systems secure. WAFs are deployed to establish an increased external security layer to detect and/or prevent attacks before they reach web applications. ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.
安裝–
下載套件: http://www.modsecurity.org/download/
編譯
tar zxvf modsecurity-apache_2.5.12.tar.gz
cd modsecurity-apache_2.5.12/apache2
./configure;make;make install
設定–
複製conf檔
cd ..
cp -rp modsecurity.conf-minimal /etc/httpd/conf.d/modsecurity.conf
編輯 conf
vi /etc/httpd/conf.d/modsecurity.conf
# 在開頭加入以下三行
LoadFile /usr/lib/libxml2.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
# 在結尾加入 ***
Include mod_security/*.conf
建立目錄
mkdir /etc/httpd/mod_security
複製 rules
cp -rp rules/base_rules/* /etc/httpd/mod_security/
重啟 apache
apachectl -t
Service httpd restart
Rules說明
參考: http://wiki.oss.org.tw/index.php/ModSecurity
語法: SecRule VARIABLES OPERATOR [ACTIONS]
1. VARIABLES:指定哪些變數要進行處理
2. OPERATOR:要如何處理這些變數取得我們想要的
3. ACTIONS (optional):當達到上述的處理時,要做什麼動作
Rules下載
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Download
參考文件
http://www.modsecurity.org/documentation/
http://wiki.oss.org.tw/index.php/ModSecurity
http://phorum.study-area.org/index.php?topic=39489.0
範例
SecServerSignature “Cross/1.0“
SecRule REMOTE_ADDR “^10.10.10.63$” “phase:1,deny,log,msg:’deny from 10.10.10.63′”
or 1=1
FQA
安裝 mod_security
設定 mod_security
隱藏 apache 版本
阻擋某一來源 IP
阻擋 SQL Injection
如何重導網頁
如何讓自訂的msg顯示在瀏覽器上
留言