wget http://www.modsecurity.org/download/modsecurity-apache-1.9.2.tar.gz
gzip -d ./modsecurity-apache-1.9.2.tar.gz
tar -xvf ./modsecurity-apache-1.9.2.tar
apxs -cia mod_security.c
mod_security.c: In function `sec_audit_logger_concurrent':
mod_security.c:5403: `APR_MD5_DIGESTSIZE' undeclared (first use in this function)
mod_security.c:5403: (Each undeclared identifier is reported only once
mod_security.c:5403: for each function it appears in.)
apxs:Error: Command failed with rc=65536
Edit mod_security.c and add these includes:
#include <apr-0/apr_md5.h>
#include <apr-0/apr_user.h>
Then create the library symlinks:
ln -s /usr/lib/libaprutil-0.so.0 /usr/lib/libaprutil-0.so
ln -s /usr/lib/libapr-0.so.0 /usr/lib/libapr-0.so
Compile:
apxs -cai -lapr-0 -laprutil-0 mod_security.c
For Apache 1.x:
AddModule mod_security.c
For Apache 2.x:
LoadModule security_module modules/mod_security.so
Include conf.d/*.conf
mkdir /etc/modsecurity
wget http://www.gotroot.com/downloads/ftp/mod_security/apache2/apache2-gotrootrules-latest.tar.gz
Extract the archive into /etc/modsecurity
<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly
SecFilterEngine On

# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"

# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1
SecServerResponseToken Off

#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Server masking is optional
#fake server banner - SecServerSignature "NOYB"

#SecUploadDir /tmp
#SecUploadKeepFiles Off

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log

# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log

#And now, the rules
#Remove any of these Include lines you do not use or have rules for.

#First, add in your exclusion rules:
#These MUST come first!
Include /etc/modsecurity/exclude.conf

#Application protection rules
Include /etc/modsecurity/rules.conf

#Comment spam rules
Include /etc/modsecurity/blacklist.conf

#Bad hosts, bad proxies and other bad players
Include /etc/modsecurity/blacklist2.conf

#Bad clients, known bogus useragents and other signs of malware
Include /etc/modsecurity/useragents.conf

#Known bad software, rootkits and other malware
Include /etc/modsecurity/rootkits.conf

#Signatures to prevent proxying through your server
#only use these rules if your server is NOT a proxy
Include /etc/modsecurity/proxy.conf

#Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
Include /etc/modsecurity/apache2-rules.conf
</IfModule>
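
The config comments above require that exclude.conf comes first and that Include lines without a rule file are removed; both can be checked before restarting Apache. The script below is an added example, not part of the original page: check_modsec_conf, make_sample and the optional path prefix argument are hypothetical names introduced here, and the sample config it builds is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): lint a mod_security 1.9.x
# config like the one above. Include paths are resolved under an optional
# prefix (an assumption of this sketch, used for the constructed sample).
check_modsec_conf() {
    conf=$1 root=${2:-} rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Only active directives count: "#SecFilterEngine ..." has a different $1.
    engine=$(awk 'tolower($1) == "secfilterengine" { v = $2 } END { print v }' "$conf")
    case $engine in
        On|DynamicOnly) ;;
        *) echo "FAIL: SecFilterEngine is '${engine:-unset}'"; rc=1 ;;
    esac

    # exclude.conf, when used, must be the first active Include.
    includes=$(awk 'tolower($1) == "include" { print $2 }' "$conf")
    pos=$(printf '%s\n' "$includes" | grep -n '/exclude\.conf$' | head -n 1 | cut -d: -f1)
    if [ -n "$pos" ] && [ "$pos" -ne 1 ]; then
        echo "FAIL: exclude.conf is Include #$pos, must be first"; rc=1
    fi

    # Every Include target must exist, or the line should be removed.
    while IFS= read -r inc; do
        [ -z "$inc" ] && continue
        [ -f "$root$inc" ] || { echo "FAIL: missing rule file $inc"; rc=1; }
    done <<EOF
$includes
EOF
    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

# Constructed sample: writes $1/modsec.conf with the given Include order.
make_sample() {
    dir=$1; shift
    mkdir -p "$dir/etc/modsecurity"
    { echo '<IfModule mod_security.c>'; echo '#SecFilterEngine DynamicOnly'
      echo 'SecFilterEngine On'
      for f in "$@"; do echo "Include /etc/modsecurity/$f"; done
      echo '</IfModule>'; } > "$dir/modsec.conf"
}
```

On a real host, call check_modsec_conf with the path of the file holding the IfModule block and no prefix; wildcard Include lines such as conf.d/*.conf are outside what this sketch checks.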