PDA

View Full Version : Using mod_security and DA

rhoekman
01-13-2004, 10:13 PM
There is an intresting thread at http://www.webhostingtalk.com/showthread.php?threadid=215612 mainly discussing using mod_security with cPanel. Anyone here using it in conjunction with DA? If so, what are your settings and what should you do or not do?

For people who do not know what mod_security is you can go here http://www.modsecurity.org

Rick

Example of what I have in my httpd.conf:

# Mod_Security directives
<IfModule mod_security.c>

# Turn the filtering engine On or Off
SecFilterEngine On

# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On

# Unicode encoding check
SecFilterCheckUnicodeEncoding Off

# Only allow bytes from this range
SecFilterForceByteRange 0 255

# Only log suspicious requests
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog /var/log/audit_log

# Debug level set to a minimum
SecFilterDebugLog /var/log/modsec_debug_log SecFilterDebugLevel 0

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# By default log and deny suspicious requests
# with HTTP status 500
SecFilterDefaultAction "deny,log,status:500"

# Put in a space to reveal nothing like this
# SecServerSignature " "
# I allways wanted a Nintendo webserver ;)
SecServerSignature "Nintendo"

</IfModule>
ProWebUK
01-14-2004, 06:54 AM
Moved to 3rd party software
rhoekman
01-14-2004, 06:58 AM
Sorry about that..
neorder
04-28-2004, 11:21 AM
any update about this?

mod_security is a standard security measure nowadays, i know how to do it with cpanel, but still searching and try confirm how should i install mod_security with DA.
DirectAdmin Support
04-29-2004, 02:15 PM
Hello,

If it's just a standard apache module, which I assume it is, then you'd just add it to the configure.apache_ssl file and recompile apache with the build script. You'd add all the required apache settings to the main /etc/httpd/conf/httpd.conf.

John
113345
04-30-2004, 03:28 PM
In FreeBSD it is in /usr/ports/www/mod_security:

# cd /usr/ports/www/mod_security
# make
# make install

(it adds a few lines to /etc/httpd/conf/httpd.conf)
I also added the lines from the post of rhoekman to /etc/httpd/conf/httpd.conf and restarted apache.

There are many more configuration options like Rick said in his post: http://www.modsecurity.org/
and http://www.modsecurity.org/documentation/snortmodsec-rules.txt
Lem0nHead
02-21-2005, 05:02 PM
Originally posted by 113345
In FreeBSD it is in /usr/ports/www/mod_security:

# cd /usr/ports/www/mod_security
# make
# make install

(it adds a few lines to /etc/httpd/conf/httpd.conf)
I also added the lines from the post of rhoekman to /etc/httpd/conf/httpd.conf and restarted apache.

There are many more configuration options like Rick said in his post: http://www.modsecurity.org/
and http://www.modsecurity.org/documentation/snortmodsec-rules.txt

mine was installed on /usr/local/libexec/apache, while other modules are on /usr/lib/apache/

can I jus copy it to the correct dir?

also, nothing was changed on /etc/httpd/conf/httpd.conf , but /usr/local/etc/apache/httpd.conf was...
so maybe i should set the directory when installing somehow?

thanks