Sysop:Mod Security

Aus immerda
Zur Navigation springen Zur Suche springen
How Mod Security works

Mod_Security is a module for the apache webserver, which parses any requests to the webserver against some rulesets. You can create easily your own ruleset, as well activate, deactivate certain rules. It is recommended to be used for any non-static webapplications which are attackable by simple post- and/or get-requests.



On gentoo emerge it

emerge mod_security

and then add


in /etc/conf.d/apache2. It seems that you have to enable as well mod_unique_id, which can be done by uncommenting the LoadModule line for this module in /etc/apache2/httpd.conf.

Then we need to tweak some configuration:


Change the log directory from /logs to /var/log/apache2/ . Thus they should look like this

SecAuditLog /var/log/apache2/modsec_audit.log
SecDebugLog /var/log/apache2/modsec_debug.log

Additional Rules you can put in /etc/apache2/modules.d/mod_security/ You can for example download additional on gotroot



turn it off

For example per VHost just place this there:

<IfModule mod_security2.c>
    SecRuleEngine Off

Or you can turn it off generally in /etc/apache2/modules.d/mod_security/modsecurity_crs_10_config.conf

and then add per VHost you want to enable it:

<IfModule mod_security2.c>
    SecRuleEngine On


On gotroot you can find additional rules which seems to sometimes a bit tight for your need. However it's good to load them and test for xour needs.

Blacklists to mod_sec rules