Topic: Simple check, if your mod_security is working

Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
Posted: Fri 06 Jun '08 20:31 Post subject: Simple check, if your mod_security is working
To check your mod_security, add to httpd.conf:
Code:
SecRuleEngine On
SecDefaultAction "deny,phase:2,status:403"
SecRule ARGS "\.\./" "t:normalizePathWin,id:50904,severity:4,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,msg:'Drive Access'"
Call your site with:
http://www.xxxx.com/?abc=../../
You should get an access denied and in the log:
Code:
[Fri Jun 06 20:14:52 2008] [error] [client 77.250.60.183] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\.\\./" at ARGS:abc. [file "D:/servers/apache/conf/httpd.conf"] [line "580"] [id "99999"] [msg "Drive Access"] [severity "WARNING"] [hostname "www.apachelounge.com"] [uri "/"] [unique_id "cCs1fsCoAAEAAAVkhmwAAABT"]
Steffen
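
A small parser for the log entry in the first post, as an added example that is not part of the original thread: it reads an Apache error log, extracts each ModSecurity "Access denied" line and confirms that the test rule fired on the expected argument. The sample log is constructed (documentation IP and hostname, made-up unique_id), the function names are hypothetical, and the line format is assumed to be the Apache 2.2-style one shown above.

```python
import re

# Constructed sample in the format shown in the post; values are not real traffic.
SAMPLE_LOG = "\n".join([
    r'[Fri Jun 06 20:14:52 2008] [error] [client 203.0.113.10] ModSecurity: '
    r'Access denied with code 403 (phase 2). Pattern match "\\.\\./" at ARGS:abc. '
    r'[file "D:/servers/apache/conf/httpd.conf"] [line "580"] [id "50904"] '
    r'[msg "Drive Access"] [severity "WARNING"] [hostname "www.example.com"] '
    r'[uri "/"] [unique_id "EXAMPLEuniqueid000000000"]',
    # An unrelated error line that must be ignored by the parser.
    r'[Fri Jun 06 20:15:01 2008] [error] [client 203.0.113.10] '
    r'File does not exist: D:/htdocs/favicon.ico',
])

# Fixed part of a denial line: client, HTTP status, phase, then the match detail.
DENIED = re.compile(
    r'\[client (?P<client>[^\]]+)\] ModSecurity: Access denied with code '
    r'(?P<status>\d+) \(phase (?P<phase>\d)\)\. (?P<detail>.*?)(?= \[\w+ "|$)'
)
# Trailing metadata such as [id "50904"] or [msg "Drive Access"].
META = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_denials(log_text):
    """Return one dict per ModSecurity 'Access denied' line in the log text."""
    events = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # not a ModSecurity denial
        event = dict(META.findall(line))
        event.update(client=m["client"], status=int(m["status"]),
                     phase=int(m["phase"]))
        var = re.search(r' at (\S+)\.$', m["detail"])  # e.g. ARGS:abc
        event["variable"] = var.group(1) if var else None
        events.append(event)
    return events


def check_rule_fired(log_text, rule_id, arg_name):
    """True if rule_id denied a request with 403 on the argument arg_name."""
    return any(e.get("id") == rule_id and e["status"] == 403
               and e["variable"] == "ARGS:" + arg_name
               for e in parse_denials(log_text))


if __name__ == "__main__":
    print(check_rule_fired(SAMPLE_LOG, "50904", "abc"))
```

Comparing the logged id with the id in the rule you added shows which rule actually denied the request, which matters once more than one rule set is loaded.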

viktor951
Joined: 12 Jan 2011 Posts: 2
Posted: Thu 20 Jan '11 11:35
Hi,
Might you post some common web attacks to test the Security module please?
Not necessarily elaborated... because just as an example, I tried to enter SQL commands in a form text box which just displays its content at the next line... and it passed... Or I try to put HTML content in it like <hr> <br> <i> ... and it passed too...
I tried a lot of requests but I had mod_security blocking them really few times... when putting code directly in the URL it sometimes worked...
I hope you'll be able to help me.
Bbye

magnific0
Joined: 27 Jan 2011 Posts: 2

slogo
Joined: 14 Mar 2012 Posts: 5 Location: Paris, France
Posted: Wed 14 Mar '12 15:59 Post subject: mod security
Hi lad, I wonder if SecFilter is still available as a rule in mod_security, because Apache doesn't recognize it!

Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU

slogo
Joined: 14 Mar 2012 Posts: 5 Location: Paris, France
Posted: Wed 14 Mar '12 16:38
Thanks a lot

slogo
Joined: 14 Mar 2012 Posts: 5 Location: Paris, France
Posted: Thu 15 Mar '12 10:36
Hello, to create a new rule, can I do it in modsecurity.conf, or in a specific directory? Because I think mod_security has different directories for different kinds of attack, doesn't it? And in that case, where can I find those directories?
Thanks!

slogo
Joined: 14 Mar 2012 Posts: 5 Location: Paris, France

Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
Posted: Thu 15 Mar '12 13:14
In the rules download, e.g. modsecurity-crs_2.2.4.zip, there is an install readme to guide you.
You can modify rules or make your own rule. But you own rule. See the manual at http://sourceforge.net/apps/mediawiki/mod-security/
Steffen

slogo
Joined: 14 Mar 2012 Posts: 5 Location: Paris, France
Posted: Mon 19 Mar '12 11:02
Hello, during my search on mod-security, I found that a lot of rules already exist in Apache. Do you know some things that can be done by mod-security, and not by Apache?