آموزش نصب mod_security

[Mohamad]

کد:

1. Login to your server through SSH and su to the root user.

2. First your going to start out by grabbing the latest version of mod_security
wget http://www.modsecurity.org/download/mod_security-1.7.4.tar.gz

3. Next we untar the archive and cd into the directory:
tar zxvf mod_security-1.7.4.tar.gz
cd mod_security-1.7.4/
4. Now you need to determine which version of apache you use:
APACHE 1.3.x users
cd apache1/ 
APACHE 2.x users
cd apache2/

5. Lets Compile the module now:
/usr/local/apache/bin/apxs -cia mod_security.c

6. Ok, now its time to edit the httpd conf file. First we will make a backup just incase something goes wrong:
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup

7. Now that we have backed it all up, we can edit the httpd.conf. Replace pico with nano depending on what you have
pico /usr/local/apache/conf/httpd.conf

8. Lets look for something in the config, do this by holding control and pressing W and you are going to search for
<IfModule mod_dir.c> (altho any of the IfModules would work fine)
9. Now add this

<IfModule mod_security.c>
    # Turn the filtering engine On or Off
    SecFilterEngine On
    # Change Server: string
    SecServerSignature " "
    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On
    # This setting should be set to On only if the Web site is
    # using the Unicode encoding. Otherwise it may interfere with
    # the normal Web site operation.
    SecFilterCheckUnicodeEncoding Off
    # Only allow bytes from this range
    SecFilterForceByteRange 1 255
    # The audit engine works independently and
    # can be turned On of Off on the per-server or
    # on the per-directory basis. "On" will log everything,
    # "DynamicOrRelevant" will log dynamic requests or violations,
    # and "RelevantOnly" will only log policy violations
    SecAuditEngine RelevantOnly
    # The name of the audit log file
    SecAuditLog /var/log/httpd/audit_log
    # Should mod_security inspect POST payloads
    SecFilterScanPOST On
    # Action to take by default
    SecFilterDefaultAction "deny,log,status:500"
    # Require HTTP_USER_AGENT and HTTP_HOST in all requests
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
    # Prevent path traversal (..) attacks
    SecFilter "\.\./"
    # Weaker XSS protection but allows common HTML tags
    SecFilter "<[[:space:]]*script"
    # Prevent XSS atacks (HTML/Javascript injection)
    SecFilter "<(.|n)+>"
    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"
    # Protecting from XSS attacks through the PHP session cookie
    SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
</IfModule>
10. Save the file Ctrl + X then Y

11. Restart Apache

/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start

You've successfully installed mod_security

کد:

منبع : webhostgear.com