Topic: Simple check, if your mod_security is working
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3049
Location: Hilversum, NL, EU

Posted: Fri 06 Jun '08 20:31    Post subject: Simple check, if your mod_security is working

To check your mod_security, add to httpd.conf:

SecRuleEngine On
SecDefaultAction "deny,phase:2,status:403"

SecRule ARGS "\.\./" "t:normalizePathWin,id:50904,severity:4,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,msg:'Drive Access'"

Call your site with:

http://www.xxxx.com/?abc=../../

You should get an access denied and in the log:

Code:

[Fri Jun 06 20:14:52 2008] [error] [client 77.250.60.183] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\.\\./" at ARGS:abc. [file "D:/servers/apache/conf/httpd.conf"] [line "580"] [id "99999"] [msg "Drive Access"] [severity "WARNING"] [hostname "www.apachelounge.com"] [uri "/"] [unique_id "cCs1fsCoAAEAAAVkhmwAAABT"]


Steffen
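
Added example (not part of Steffen's post and not ModSecurity's own code): a small Python check that parses a ModSecurity 2.x line from the Apache error log and confirms the request was blocked by the rule you expect. It uses the log line quoted above as input; that line reports id 99999 while the rule as posted carries id:50904, which is the kind of mismatch the id check reports. The function names are this example's own.

```python
import re

# Log line copied from the post above (ModSecurity 2.x entry in the Apache error log).
SAMPLE = r'''[Fri Jun 06 20:14:52 2008] [error] [client 77.250.60.183] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\.\\./" at ARGS:abc. [file "D:/servers/apache/conf/httpd.conf"] [line "580"] [id "99999"] [msg "Drive Access"] [severity "WARNING"] [hostname "www.apachelounge.com"] [uri "/"] [unique_id "cCs1fsCoAAEAAAVkhmwAAABT"]'''

# "Access denied ..." means the request was blocked; "Warning." means the rule
# matched but the request was let through (e.g. SecRuleEngine DetectionOnly).
ACTION = re.compile(r'ModSecurity: (?P<action>Access denied|Warning)'
                    r'(?: with code (?P<status>\d{3}))?(?: \(phase (?P<phase>\d)\))?\.')
TARGET = re.compile(r' at (?P<target>\S+?)\. \[')      # e.g. ARGS:abc
META = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')     # [id "..."] [msg "..."] ...

def parse_modsec(line):
    """Return a dict for one ModSecurity error-log line, or None if it is not one."""
    m = ACTION.search(line)
    if not m:
        return None
    event = {k: v for k, v in m.groupdict().items() if v is not None}
    t = TARGET.search(line)
    if t:
        event["target"] = t.group("target")
    event.update(META.findall(line))
    return event

def verify(line, expected_id, expected_status="403"):
    """List the reasons this line does not prove the test rule blocked the request."""
    ev = parse_modsec(line)
    if ev is None:
        return ["not a ModSecurity entry"]
    problems = []
    if ev.get("action") != "Access denied":
        problems.append("rule matched but did not block (DetectionOnly or pass action?)")
    if ev.get("status") != expected_status:
        problems.append(f"status {ev.get('status')} != {expected_status}")
    if ev.get("id") != expected_id:
        problems.append(f"fired rule id {ev.get('id')} != expected {expected_id}")
    return problems

if __name__ == "__main__":
    print(parse_modsec(SAMPLE))
    print(verify(SAMPLE, "50904"))
```

An empty list from verify() means the line shows the expected rule denying the request with the expected status.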
viktor951



Joined: 12 Jan 2011
Posts: 2

Posted: Thu 20 Jan '11 11:35

Hi,
Might you post some common web attacks to test the Security module please?
Not necessarily elaborate... because just as an example, I tried to enter SQL commands in a form text box which just displays its content on the next line... and it passed... Or I try to put HTML content in it like <hr> <br> <i> ... and it passed too...
I tried a lot of requests but mod_security blocked them only a very few times... when putting code directly in the URL it sometimes worked...
I hope you'll be able to help me.
Bbye
magnific0



Joined: 27 Jan 2011
Posts: 2

Posted: Fri 28 Jan '11 9:05

Scan your webserver with Nikto, a LOT of warnings should pop up.

Linky: http://cirt.net/nikto2

You'll need ActivePerl though: http://www.activestate.com/activeperl

Cheers!
slogo



Joined: 14 Mar 2012
Posts: 5
Location: Paris, France

Posted: Wed 14 Mar '12 15:59    Post subject: mod security

Hi lad, I wonder if SecFilter is still available as a rule in mod security, because Apache doesn't recognize it!
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3049
Location: Hilversum, NL, EU

Posted: Wed 14 Mar '12 16:27

SecFilter was a directive in ModSecurity 1.X, years ago :)

See http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf


Steffen
slogo



Joined: 14 Mar 2012
Posts: 5
Location: Paris, France

Posted: Wed 14 Mar '12 16:38

Thanks a lot
slogo



Joined: 14 Mar 2012
Posts: 5
Location: Paris, France

Posted: Thu 15 Mar '12 10:36

Hello, to create a new rule, can I do it in modsecurity.conf, or in a specific directory? Because I think mod security has different directories for different kinds of attack, doesn't it? And in that case, where can I find those directories?
Thanks!
slogo



Joined: 14 Mar 2012
Posts: 5
Location: Paris, France

Posted: Thu 15 Mar '12 10:50

Hi, http://sourceforge.net/projects/mod-security/files/
This file contains a lot of rules. These rules will be organized on Apache in a directory, is that right?
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3049
Location: Hilversum, NL, EU

Posted: Thu 15 Mar '12 13:14

In the rules download e.g. modsecurity-crs_2.2.4.zip there is an install readme to guide you.

You can modify rules or make your own rule. But you own rule. See the manual at http://sourceforge.net/apps/mediawiki/mod-security/


Steffen
slogo



Joined: 14 Mar 2012
Posts: 5
Location: Paris, France

Posted: Mon 19 Mar '12 11:02

Hello, during my searching on mod-security, I found that a lot of rules already exist in Apache. Do you know of some things that can be done by mod-security, and not by Apache?