Hi!
Today I compiled Apache 2.2.2 and everything works except mod_security...
mod_security was compiled with:
Code:
/usr/local/apache2.2.2/bin/apxs -cia mod_security.c
It is present as a module and is loaded in "httpd.conf".
I saved "modsecurity.conf" in "/usr/local/apache2.2.2/conf/extra".
The error_log in "/usr/local/apache2.2.2/logs" shows the following:
Code:
faxi1:/usr/local/apache2.2.2/logs# tail error_log
[Wed May 24 15:50:05 2006] [crit] (70023)This function has not been implemented on this platform: DBD: failed to initialise
[Wed May 24 15:50:05 2006] [crit] (70023)This function has not been implemented on this platform: DBD: driver for not available
[Wed May 24 15:50:05 2006] [crit] (70023)This function has not been implemented on this platform: DBD: failed to initialise
[Wed May 24 15:50:05 2006] [notice] Apache/2.2.2 (Unix) mod_ssl/2.2.2 OpenSSL/0.9.8a DAV/2 configured -- resuming normal operations
[Wed May 24 15:50:13 2006] [error] [client 193.160.59.50] File does not exist: /usr/local/apache2.2.2/htdocs/usr
[Wed May 24 15:50:14 2006] [crit] (70023)This function has not been implemented on this platform: DBD: driver for not available
[Wed May 24 15:50:14 2006] [crit] (70023)This function has not been implemented on this platform: DBD: failed to initialise
[Wed May 24 15:50:15 2006] [error] [client 193.160.59.50] File does not exist: /usr/local/apache2.2.2/htdocs/usr
[Wed May 24 15:50:18 2006] [error] [client 193.160.59.50] File does not exist: /usr/local/apache2.2.2/htdocs/usr
[Wed May 24 15:52:07 2006] [error] [client 193.160.59.50] File does not exist: /usr/local/apache2.2.2/htdocs/usr
I am using the rules from gotroot.
Finally, my modsecurity.conf:
Code:
<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly
SecFilterEngine On
# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"
# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding On
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1
SecServerResponseToken On
#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"
# Accept almost all byte values
SecFilterForceByteRange 1 255
# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "NOYB"
#SecUploadDir /tmp
#SecUploadKeepFiles On
# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog /usr/local/apache2.2.2/logs/modsec_audit.log
# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog /usr/local/apache2.2.2/logs/modsec_debug.log
#And now, the rules
#Remove any of these Include lines you do not use or have rules for.
#First, add in your exclusion rules:
#These MUST come first!
Include /etc/modsecurity/exclude.conf
#Application protection rules
Include /etc/modsecurity/rules.conf
#Comment spam rules
Include /etc/modsecurity/blacklist.conf
#Bad hosts, bad proxies and other bad players
Include /etc/modsecurity/blacklist2.conf
#Bad clients, known bogus useragents and other signs of malware
Include /etc/modsecurity/useragents.conf
#Known bad software, rootkits and other malware
Include /etc/modsecurity/rootkits.conf
#Signatures to prevent proxying through your server
#only use these rules if your server is NOT a proxy
Include /etc/modsecurity/proxy.conf
Include /etc/modsecurity/recons.conf
Include /etc/modsecurity/badips.conf
Include /etc/modsecurity/jitp.conf
#Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
Include /etc/modsecurity/apache2-rules.conf
</IfModule>
Thanks!
faxi
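A `<IfModule mod_security.c>` block is skipped without any error_log entry when the module is not loaded, and a file saved under conf/extra has no effect unless httpd.conf includes it, so this added example (not part of the original post) checks an httpd.conf for both. It assumes the mod_security 1.x module identifier `security_module`; the function names and the sample httpd.conf lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): static check of an httpd.conf.
# Assumes the mod_security 1.x module identifier "security_module".

# Print uncommented lines of file $2 that start with directive $1.
directives() {
    grep -iE "^[[:space:]]*$1[[:space:]]" "$2"
}

# 0 if an uncommented LoadModule line for security_module exists in $1.
module_loaded() {
    directives LoadModule "$1" | grep -q 'security_module'
}

# 0 if an Include argument in $1 names file $2; the last path component
# is matched as a shell pattern, so "conf/extra/*.conf" also counts.
conf_included() {
    directives Include "$1" | while read -r kw arg rest; do
        arg=${arg#\"}; arg=${arg%\"}      # strip optional quotes
        case "$2" in
            ${arg##*/}) echo hit ;;
        esac
    done | grep -q hit
}

# Print one status word; return non-zero unless both checks pass.
check_modsec() {
    if ! module_loaded "$1"; then
        echo "module-not-loaded"; return 1
    fi
    if ! conf_included "$1" "$2"; then
        echo "conf-not-included"; return 1
    fi
    echo "ok"
}

# Constructed sample: module line added by apxs, Include left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LoadModule security_module modules/mod_security.so
#Include conf/extra/modsecurity.conf
EOF
check_modsec "$sample" modsecurity.conf || true   # prints: conf-not-included
rm -f "$sample"
```

On the server itself, `httpd -M` lists the modules the configuration actually loads.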