Mod_Security : How to use and How to install it Mod_Security

Ideal place for discussions related to Linux/Windows server security, Apache, MySQL, MS SQL and PHP, including tutorials and questions.
hrdedicated
Site Admin
Posts: 50
Joined: Thu May 30, 2013 10:28 pm

Mod_Security : How to use and How to install it Mod_Security

Postby hrdedicated » Sat Jun 01, 2013 12:05 pm

Mod_Security

Intruduction:

ModSecurity is a free open source web application firewall which can help you to guard against LFI (local file inclusion attacks) and SQL injection vulnerabilities.

CPanel Installation:

1. Login to server as root

2. /script/easyapache >> Prefer this steps for Cpanel/WHM servers

3. Search for mod security option in it and select it.

Source Installation:

That should install mod security in your cpanel. Under apache it should show under installed modules if you run test.php with phpinfo() in it. Try adding some mod security rules. Installing mod_security could be sometimes complicated. Dont use apxs for compiling mod_security as it causes number of problems.
How to install?

1. Login to your server through SSH and su to the root user.

2. First your going to start out by grabbing the latest version of mod_security
wget http://www.modsecuri...ty-1.7.4.tar.gz

3. Next we untar the archive and cd into the directory:
tar zxvf mod_security-1.7.4.tar.gz
cd mod_security-1.7.4/

4. Now you need to determine which version of apache you use:
root@[~]# /usr/local/apache/bin/httpd -V
Server version: Apache/2.2.17 (Unix)

5. Lets Compile the module now:
/usr/local/apache/bin/apxs -cia mod_security.c

6. Ok, now its time to edit the httpd conf file. First we will make a backup just incase something goes wrong:

cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup

7. Now that we have backed it all up, we can edit the httpd.conf.
vi /usr/local/apache/conf/httpd.conf

8. Lets look for something in the config, do this by holding control and pressing W and you are going to search for
<IfModule mod_dir.c> (altho any of the IfModules would work fine)

9. Now add this

<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine On
# Change Server: string
SecServerSignature " "
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off
# Only allow bytes from this range
SecFilterForceByteRange 1 255
# The audit engine works independently and
# can be turned On of Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly
# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# Action to take by default
SecFilterDefaultAction "deny,log,status:500"
# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
# Prevent path traversal (..) attacks
SecFilter "\.\./"
# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"
# Prevent XSS atacks (HTML/Javascript injection)
SecFilter "<(.|n)+>"
# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
</IfModule>

10. Save the file :wq!

11. Restart Apache

/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start

Installation Complete

How Disabling Mod-Security for a single account

To disable the mod_security for a particular account, just add the following in the users .htaccess file
1. vi /home/username/public_html/.htaccess
SecFilterEngine Off
SecFilterScanPOST Off

Thats it.

Return to “System Security”

Who is online

Users browsing this forum: No registered users and 2 guests