Mod_security

Um das Programm gallery zu betreiben muss in der PHP.ini

safe_mode= off sein. Zur Gewährleistung der Sicherheit sollte mod_security

installiert werden.:::

# Original source by: Ivan Ristic <ivanr@webkreator.com>
# Original Home: http://www.modsecurity.org/
# Win32 binary by: Steffen# Mail: info@apachelounge.com# Home: http://www.apachelounge.com/
# Last Update: 6 May ’07 updated modsecurity-core-rules to version 2.1-1.4
# Works only with Apache 2.0.x #ModSecurity 2 is not backward compatible with ModSecurity 1.x.
#The module is build with Visual Studio® 2005 Service Pack 1,
#be sure to install the new Visual C++ 2005 Redistributable Package,see below.

# Install:
– Create a folder …/apache2/modules/mod_security2 and copy mod_security2.so and libxml2.dll to this folder
– Copy apache.exe.manifest to the Apache2/bin folder
– Install the Visual C++ 2005 SP1 Redistributable Package (the binary is build with VC 2005 SP1)
  Download and install, if you not done it already, from:
  http://www.apachelounge.com/download/vcredist_x86-sp1.exe

# Add to your httpd.conf:
– LoadModule security2_module modules/mod_security2/mod_security2.so

– Enable the module unique_id by uncommenting:
  LoadModule unique_id_module modules/mod_unique_id.so
# Configuration: see the included documentation in the .zip
# Core Rules Files modsecurity_crs_10_config.conf bis modsecurity_crs_55_marketing.conf
# in den Apache Ordner conf/modesecurity/ kopieren und in der httpd.conf des Apache includieren
#Include conf/modesecurity/*.conf
#Achtung ,die ursprüngliche …21…config Datei schließt zugriffe über IP auf Server aus
#Folgendes auskommentieren:
#SecRule REQUEST_HEADERS:Host „^[\d\.]+$“ „deny,log,auditlog,status:400,msg:’Host header is a numeric IP address‘, severity:’2′,,id:’960017′,“
#Beispiel einer Attacke:http://192.168.2.5/excel/forum/viewforum.php?f=1?param=val%A
# im Apache Verzeichnis /logs muß die Attacke dokumentiert sein File:mod_security2
#
# A very quick start:
# Folgenden Code in die httpd.conf des Apache einfügen

SecRuleEngine On
SecDefaultAction log,auditlog,deny,status:403,phase:2,t:lowercase,t:replaceNulls,t:compressWhitespace
SecAuditEngine RelevantOnly
SecAuditLogType Serial
SecAuditLog logs/mod_security2.log
## — General rules ——————–
SecRule ARGS „c:/“ t:normalisePathWin
SecRule ARGS „\.\./“ t:normalisePathWin
SecRule ARGS „d:/“ t:normalisePathWin
## — phpBB attack ——————–
SecRule ARGS:highlight „(\x27|%27|\x2527|%2527)“

2) Add the following line to your httpd.conf (assuming
     you’ve placed the rule files into conf/modsecurity/):
     Include conf/modsecurity/*.conf
  3) Restart web server.

  4) Make sure your web sites are still running fine.

 beispiel1.jpg

Hinterlassen Sie eine Antwort

Sie müssen angemeldet sein, um einen Kommentar abzugeben.


Zur Werkzeugleiste springen