Protectie la XSS, RFI si SQLi cu mod_security

wtf123 · December 22, 2012

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server, IIS and NGINX. ModSecurity is a web application layer firewall.

[sursa text wikipedia]

Instalare,Configurare:

Instalam:

yum install mod_security

Deschidem

/etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

Si introducem:

vi /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

Ne asiguram ca

SecRuleEngine

e setat pe ON,pentru a ne putea proteja de atacuri.

Adaugam in httpd.conf urmatoarele lini:

<ifmodule mod_security.c>
    SecFilterEngine On
    SecFilterForceByteRange 1 255
 </ifmodule>

[in caz ca nu le avem]

Repornim httpd

service httpd restart

[mai multe detalii despre instalare Installation ]

Orice greseala de gramatica/errori in asazisul "tutorial" Sunt bine venite,pentru a nu induce Userii/Vizitatorii in Eroare.

Edited December 22, 2012 by wtf123

Sign In

Protectie la XSS, RFI si SQLi cu mod_security

Recommended Posts

wtf123

Join the conversation

Browse

Activity

Pages