| 
 
 
 | 
| Keep Server Online 
 If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
 
 or
 
 
   
 A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
 
 Thank You! Steffen
 
 Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
 |  | 
 | 
| | 
| | 
|  Topic: Simple check,  if your mod_security is working |  |  
| Author |  |  
| Steffen Moderator
 
 
 Joined: 15 Oct 2005
 Posts: 3130
 Location: Hilversum, NL, EU
 
 | 
|  Posted: Fri 06 Jun '08 20:31    Post subject: Simple check,  if your mod_security is working |   |  
| 
 |  
| To check your mod_security, add  to httpd.conf: 
 SecRuleEngine On
 SecDefaultAction "deny,phase:2,status:403"
 
 SecRule ARGS "\.\./" "t:normalizePathWin,id:50904,severity:4,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,msg:'Drive Access'"
 
 Call your site with:
 
 http://www.xxxx.com/?abc=../../
 
 You should get a access denied and in the log:
 
 
  	  | Code: |  	  | [Fri Jun 06 20:14:52 2008] [error] [client 77.250.60.183] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\.\\./" at ARGS:abc. [file "D:/servers/apache/conf/httpd.conf"] [line "580"] [id "99999"] [msg "Drive Access"] [severity "WARNING"] [hostname "www.apachelounge.com"] [uri "/"] [unique_id "cCs1fsCoAAEAAAVkhmwAAABT"]
 | 
 
 Steffen
 |  |  
| Back to top |  |  
| viktor951 
 
 
 Joined: 12 Jan 2011
 Posts: 2
 
 
 | 
|  Posted: Thu 20 Jan '11 11:35    Post subject: |   |  
| 
 |  
| Hi, Might you post some common web attacks to test the Security module please?
 Not necessarily elaborated... because just as an example, I tried to enter Sql commands in a form text box which just displays it's content at the next line... and it passed... Or I try to put HTML content in it like <hr> <br> <i> ... and it passed too...
 I tried a lot of requests but I had mod_security blocking them really few times... when putting code directly in the URL it sometimes worked...
 I hope you'll be able to help me.
 Bbye
 |  |  
| Back to top |  |  
| magnific0 
 
 
 Joined: 27 Jan 2011
 Posts: 2
 
 
 |  |  
| Back to top |  |  
| slogo 
 
 
 Joined: 14 Mar 2012
 Posts: 5
 Location: Paris, France
 
 | 
|  Posted: Wed 14 Mar '12 15:59    Post subject: mod security |   |  
| 
 |  
| hi lad, i wonder know if SecFilter is still available as rule on mod security , because apache don't recognize it! |  |  
| Back to top |  |  
| Steffen Moderator
 
 
 Joined: 15 Oct 2005
 Posts: 3130
 Location: Hilversum, NL, EU
 
 |  |  
| Back to top |  |  
| slogo 
 
 
 Joined: 14 Mar 2012
 Posts: 5
 Location: Paris, France
 
 | 
|  Posted: Wed 14 Mar '12 16:38    Post subject: |   |  
| 
 |  
| Thanks a lot |  |  
| Back to top |  |  
| slogo 
 
 
 Joined: 14 Mar 2012
 Posts: 5
 Location: Paris, France
 
 | 
|  Posted: Thu 15 Mar '12 10:36    Post subject: |   |  
| 
 |  
| hello, to creat a new rule, can i do it in modsecurity.conf, or in specific directory, because i think mod security have differents directories for different kind of attack isn't ?, and in that case where can i find those directories? Thanks!
 |  |  
| Back to top |  |  
| slogo 
 
 
 Joined: 14 Mar 2012
 Posts: 5
 Location: Paris, France
 
 |  |  
| Back to top |  |  
| Steffen Moderator
 
 
 Joined: 15 Oct 2005
 Posts: 3130
 Location: Hilversum, NL, EU
 
 | 
|  Posted: Thu 15 Mar '12 13:14    Post subject: |   |  
| 
 |  
| In the rules download e.g. modsecurity-crs_2.2.4.zip there is an install readme to guide you. 
 You can make modify rules or make your own rule. But  you own rule. See the manual at http://sourceforge.net/apps/mediawiki/mod-security/
 
 
 Steffen
 |  |  
| Back to top |  |  
| slogo 
 
 
 Joined: 14 Mar 2012
 Posts: 5
 Location: Paris, France
 
 | 
|  Posted: Mon 19 Mar '12 11:02    Post subject: |   |  
| 
 |  
| hello, during my searching on mod-security, i find lot of rules were already exist in apache,do you know some things can be done by mod-security, and not by apache ? |  |  
| Back to top |  |  
 
 | 
 |  | 
 |  |