Jump to content

Apache Server Security (Mod-Security)

Recommended Posts


ModSecurity is an Open Source Web Application project (Apache module) that aims to secure web applications running on webservers and block penetration or hacking attempts investigating in the body of http requests. It provides intrusion detection and prevention for web applications and aims at shielding web applications from attacks like SQL injections, cross-site scripting and path traversal attacks ...

About Apache modules

The Apache WebServer is a modular application where the user can choose the functionality to include in the server by selecting desired modules. Modules can be either statically compiled into the httpd binary when the server is built or compiled as Dynamic Shared Objects (DSOs) separately from the main httpd binary file. DSO modules may be compiled at the time the server is built, or they may be compiled and added at a later time using the Apache Extension Tool (apxs). After a module is compiled into a DSO, it will have an extension like mod.so.

Installing mod-security

Mod-security can be installed with apt-get manager on Debian, or on Fedora system Yum can be used. First, we'll update apt-get source database:

LinuxBox# apt-get update Ign Index of / lenny Release.gpg Ign Index of /debian lenny/main Translation-en Hit Debian -- Security Information squeeze/updates Release.gpg Ign Debian -- Security Information squeeze/updates/contrib Translation-en Ign Debian -- Security Information squeeze/updates/contrib Translation-en_US Ign Index of /debian lenny/main Translation-en_US Hit Index of / squeeze Release.gpg Ign Index of /debian squeeze/main Translation-en Ign Index of /debian squeeze/main Translation-en_US Ign Index of / lenny Release Ign Debian -- Security Information squeeze/updates/main Translation-en Ign Debian -- Security Information squeeze/updates/main Translation-en_US Hit Debian -- Security Information squeeze/updates Release Hit Index of / squeeze Release ... .. .

After updating source list, we can install mod-security:

LinuxBox# apt-get install libapache-mod-security Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: liblua5.1-0 mod-security-common The following NEW packages will be installed: libapache-mod-security liblua5.1-0 mod-security-common 0 upgraded, 3 newly installed, 0 to remove and 73 not upgraded. Need to get 1,158 kB of archives. After this operation, 3,490 kB of additional disk space will be used. Do you want to continue [Y/n]? ... .. . Setting up libapache-mod-security (2.5.12-1) ... Reloading web server config: apache2.

In /etc/apache2/mods-available/ we can find available apache modules and mod-security:

LinuxBox# ls /etc/apache2/mods-available/ | grep mod mod-security.load LinuxBox#

(In /etc/apache2/mods-enbled are located symlinks on modules which are enabled)

Enabling or disabling Apache modules

Once apache module is installed we can enable it with a2dismod, or disable it with a2dismod command, after which we have to restart the Apache server with "/etc/init.d/apache2 restart" command:

LinuxBox# a2dismod mod-security && /etc/init.d/apache2 restart Module mod-security disabled. Run '/etc/init.d/apache2 restart' to activate new configuration! Restarting web server: apache2 ... waiting . LinuxBox# a2enmod mod-security && /etc/init.d/apache2 restart Enabling module mod-security. Run '/etc/init.d/apache2 restart' to activate new configuration! Restarting web server: apache2 ... waiting .

Check loaded modules

To check and see loaded modules, modules which are enabled, apachectl -M can be used:

LinuxBox# apachectl -M Loaded Modules: core_module (static) log_config_module (static) logio_module (static) mpm_prefork_module (static) http_module (static) so_module (static) alias_module (shared) auth_basic_module (shared) authn_file_module (shared) authz_default_module (shared) authz_groupfile_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgi_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) mime_module (shared) security2_module (shared) negotiation_module (shared) perl_module (shared) php5_module (shared) python_module (shared) reqtimeout_module (shared) setenvif_module (shared) status_module (shared) unique_id_module (shared) Syntax OK LinuxBox#

Source:Apache Server security, mod-security, IT Tutorials, Linux tutorials, (ICT) Information Technology Tutorials

Edited by nedo
La rugamintea lui ask
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...