Simple check, if your mod_security is working

 
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2123
Location: Hilversum, NL, EU

Posted: Fri 06 Jun '08 20:31    Post subject: Simple check, if your mod_security is working

To check your mod_security, add the rule:

SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"

Call your site with:

http://www.xxxx.com/?abc=../../

You should get an access denied and in the log:

Code:

[Fri Jun 06 20:14:52 2008] [error] [client 77.250.60.183] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\.\\./" at ARGS:abc. [file "D:/servers/apache/conf/httpd.conf"] [line "580"] [id "99999"] [msg "Drive Access"] [severity "WARNING"] [hostname "www.apachelounge.com"] [uri "/"] [unique_id "cCs1fsCoAAEAAAVkhmwAAABT"]


Steffen
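
A log check for the test described in the post above, added here as an example (not code from the original thread): it parses ModSecurity 2.x error-log lines in the format shown in the post and reports whether rule id 99999 denied a request with a 403. The sample lines, client address and hostname are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample lines, modelled on the error-log format shown in the post.
SAMPLE_LOG = [
    r'[Fri Jun 06 20:14:50 2008] [error] [client 203.0.113.10] '
    r'File does not exist: D:/servers/apache/htdocs/favicon.ico',
    r'[Fri Jun 06 20:14:52 2008] [error] [client 203.0.113.10] ModSecurity: '
    r'Access denied with code 403 (phase 2). Pattern match "\\.\\./" at ARGS:abc. '
    r'[file "D:/servers/apache/conf/httpd.conf"] [line "580"] [id "99999"] '
    r'[msg "Drive Access"] [severity "WARNING"] [hostname "www.example.com"] '
    r'[uri "/"] [unique_id "CONSTRUCTED-UNIQUE-ID"]',
]

# "Access denied with code N (phase P). <what matched> at <variable>. [tags...]"
DENIED = re.compile(
    r'ModSecurity: Access denied with code (\d+) \(phase (\d+)\)\. (.+?) at (\S+?)\. \[')
# Bracketed metadata such as [id "99999"]; values may contain escaped quotes.
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
CLIENT = re.compile(r'\[client ([^\]]+)\]')


def parse_modsec_denial(line):
    """Return a dict for a ModSecurity 'Access denied' line, None for any other line."""
    m = DENIED.search(line)
    if not m:
        return None
    event = {"status": int(m.group(1)), "phase": int(m.group(2)),
             "match": m.group(3), "target": m.group(4)}
    client = CLIENT.search(line)
    event["client"] = client.group(1) if client else None
    # [client ...] and the timestamp carry no quoted value, so TAG skips them.
    event.update(dict(TAG.findall(line)))
    return event


def rule_fired(lines, rule_id, status=403):
    """Return the denial events logged for rule_id with the given HTTP status."""
    events = (parse_modsec_denial(line) for line in lines)
    return [e for e in events if e and e.get("id") == rule_id and e["status"] == status]


if __name__ == "__main__":
    for hit in rule_fired(SAMPLE_LOG, "99999"):
        print("rule %(id)s blocked %(target)s on %(uri)s from %(client)s" % hit)
```

An empty result after requesting the test URL means the rule did not block: check that the rule engine is enabled and that the default action denies.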
viktor951



Joined: 12 Jan 2011
Posts: 2

Posted: Thu 20 Jan '11 11:35

Hi,
Might you post some common web attacks to test the Security module please?
Not necessarily elaborated... because just as an example, I tried to enter SQL commands in a form text box which just displays its content at the next line... and it passed... Or I try to put HTML content in it like <hr> <br> <i> ... and it passed too...
I tried a lot of requests but I had mod_security blocking them really few times... when putting code directly in the URL it sometimes worked...
I hope you'll be able to help me.
Bbye
magnific0



Joined: 27 Jan 2011
Posts: 2

Posted: Fri 28 Jan '11 9:05

Scan your webserver with Nikto, a LOT of warnings should pop up.

Linky: http://cirt.net/nikto2

You'll need ActivePerl though: http://www.activestate.com/activeperl

Cheers!
slogo



Joined: 14 Mar 2012
Posts: 5
Location: Paris, France

Posted: Wed 14 Mar '12 15:59    Post subject: mod security

Hi lad, I wonder if SecFilter is still available as a rule in mod security, because Apache doesn't recognize it!
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2123
Location: Hilversum, NL, EU

Posted: Wed 14 Mar '12 16:27

SecFilter was a directive in ModSecurity 1.X, years ago :)

See http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf


Steffen
slogo



Joined: 14 Mar 2012
Posts: 5
Location: Paris, France

Posted: Wed 14 Mar '12 16:38

Thanks a lot
slogo



Joined: 14 Mar 2012
Posts: 5
Location: Paris, France

Posted: Thu 15 Mar '12 10:36

Hello, to create a new rule, can I do it in modsecurity.conf, or in a specific directory? Because I think mod security has different directories for different kinds of attack, doesn't it? And in that case, where can I find those directories?
Thanks!
slogo



Joined: 14 Mar 2012
Posts: 5
Location: Paris, France

Posted: Thu 15 Mar '12 10:50

Hi, http://sourceforge.net/projects/mod-security/files/
This file contains a lot of rules. These rules will be organized in a directory on Apache, is that right?
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2123
Location: Hilversum, NL, EU

Posted: Thu 15 Mar '12 13:14

In the rules download, e.g. modsecurity-crs_2.2.4.zip, there is an install readme to guide you.

You can modify rules or make your own rule. But you own rule. See the manual at http://sourceforge.net/apps/mediawiki/mod-security/


Steffen
slogo



Joined: 14 Mar 2012
Posts: 5
Location: Paris, France

Posted: Mon 19 Mar '12 11:02

Hello, during my searching on mod-security, I found that a lot of rules already exist in Apache. Do you know some things that can be done by mod-security and not by Apache?