Topic: troubles with mod_security

Author: viktor951 (Joined: 12 Jan 2011, Posts: 2)
Posted: Wed 12 Jan '11 16:29, Post subject: troubles with mod_security

Hi @ all,
I'm trying to secure my web server with Apache modules.
I've already implemented mod_proxy for the reverse proxy aspect and mod_ssl to provide secure access to my server.
I have had a lot of difficulties enabling mod_security (particularly because of problems with DLLs) and after a lot of time on it I'm stuck with a configuration problem... Here is what I add to httpd:
Code: |
<Directory "c:/wamp/www/test/">
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride all
#
# Controls who can get stuff from this server.
#
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 172.16.10.4
</Directory>
NameVirtualHost *:443
NameVirtualHost *:80
<VirtualHost *:80>
<IfModule proxy_module>
<Proxy *>
Order allow,deny
Allow from *
</Proxy>
ProxyPass /demo/ http://www.mydomain.com/test/cache/Wouhou/
ProxyPassReverse /demo/ http://www.mydomain.com/test/cache/Wouhou/
<Location /demo/>
Order allow,deny
Allow from all
</Location>
</IfModule>
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile conf/ssl/www.mydomain.com.cert
SSLCertificateKeyFile conf/ssl/www.mydomain.com.key
<IfModule proxy_module>
<Proxy *>
Order allow,deny
Allow from *
</Proxy>
ProxyPass /demo/ http://www.mydomain.com/test/cache/Wouhou/
ProxyPassReverse /demo/ http://www.mydomain.com/test/cache/Wouhou/
<Location /demo/>
Order allow,deny
Allow from all
</Location>
</IfModule>
</VirtualHost>
|
I still listen on port 80 during development to test the changes I make...
I don't know where to put the conf for mod_security... Is it inside a vhost or anywhere?
Anyway I tried that outside the <virtual host>:
Code: |
<IfModule security2_module>
SecRuleEngine On
#SecFilterScanPOST On
#SecFilterCheckURLEncoding On
SecDefaultAction log,auditlog,deny,status:403,phase:2,t:lowercase,t:replaceNulls,t:compressWhitespace
#SecFilterDefaultAction "deny,log,status:412"
SecAuditEngine RelevantOnly
SecAuditLogType Serial
SecAuditLog logs/mod_security2.log
SecServerSignature "Microsoft-IIS"
#SecFilter "delete[[:space:]]+from"
#SecFilter "insert[[:space:]]+into"
#SecFilter "select.+from"
</IfModule>
|
It is working this way... But if I try to add a rule or uncomment one of those, my Apache can't start... I don't know why... I think it's a problem with the SecFilter directives but I don't know how it works so it's a bit complicated to debug.
If someone is able to help I would be really thankful!
Bye, regards
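
For reference, an added example that is not part of the original post: the commented `SecFilter*` lines are ModSecurity 1.x directive names, which `security2_module` (ModSecurity 2.x) does not define, so Apache refuses to start once one is uncommented. The same checks written with 2.x directives look like this; the rule ids and messages are constructed placeholders, and applying the patterns to `ARGS` is an assumption about the intended scope.

```apache
<IfModule security2_module>
    SecRuleEngine On

    # 2.x counterpart of "SecFilterScanPOST On": let the engine read request
    # bodies, so that ARGS below also covers POST parameters.
    SecRequestBodyAccess On

    # Default action list taken unchanged from the post. The rules below
    # inherit deny/status:403 and the t:lowercase, t:replaceNulls and
    # t:compressWhitespace transformations from it.
    SecDefaultAction log,auditlog,deny,status:403,phase:2,t:lowercase,t:replaceNulls,t:compressWhitespace

    # 2.x counterpart of "SecFilterCheckURLEncoding On".
    # t:none keeps the URI untransformed for the encoding check.
    SecRule REQUEST_URI "@validateUrlEncoding" \
        "id:900001,phase:2,t:none,deny,status:403,log,msg:'Invalid URL encoding'"

    # 2.x counterparts of the three commented SecFilter patterns.
    # Syntax is: SecRule VARIABLES OPERATOR [ACTIONS]
    SecRule ARGS "@rx delete[[:space:]]+from" \
        "id:900002,msg:'Pattern match: delete from'"
    SecRule ARGS "@rx insert[[:space:]]+into" \
        "id:900003,msg:'Pattern match: insert into'"
    SecRule ARGS "@rx select.+from" \
        "id:900004,msg:'Pattern match: select from'"
</IfModule>
```

Running `httpd -t` after each change reports the first directive Apache does not recognise, which shows whether a startup failure comes from a leftover 1.x directive name.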