Mod-Security is a "real-time" application firewall for Apache. It can detect, log, deny, and take action on web attacks and security-related events on your Apache web server.
Installation is a breeze on a Debian system running Apache2:
# apt-get install libapache2-mod-security
# a2enmod mod-security
# /etc/init.d/apache2 force-reload
From there you can use the great documentation to start adding rules.
Just add a new section like so in the apache2.conf file:
<IfModule mod_security.c>
...new rules....
</IfModule>
Here's a quick entry that lets your would-be attackers know you noticed their path traversal attempt for /etc/passwd.
For example, the user here requested http://myserver/test/../../etc/passwd and we redirect them to /busted.html.
Here's the rule:
SecFilter /etc/passwd "deny,log,status:406,redirect:/busted.html"
and the results:

This is a mere fraction of the capabilities of Mod-Security. From there you can investigate a whole range of options, including denying DoS attempts using httpd-guardian.
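A fuller version of the section with the rule above in place, as an added example rather than the author's own configuration. It uses ModSecurity 1.x directives; the audit log path is an assumption, and the commented-out SecFilterSelective line is an alternative that matches only the request URI.

```apache
# Added example, not the author's configuration.
# Directives are from ModSecurity 1.x; the log path is an assumption.
<IfModule mod_security.c>
    # The filtering engine is off by default; no rule fires until it is enabled
    SecFilterEngine On

    # Reject requests whose URL encoding is invalid before rules are evaluated
    SecFilterCheckURLEncoding On

    # Inspect request bodies as well as the request line
    SecFilterScanPOST On

    # Action list applied to any rule that does not carry its own
    SecFilterDefaultAction "deny,log,status:403"

    # Write an audit record only for requests that triggered a rule
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log

    # The rule from this post: matches the string anywhere the engine scans,
    # which with SecFilterScanPOST On includes submitted form data
    SecFilter /etc/passwd "deny,log,status:406,redirect:/busted.html"

    # Narrower alternative: match the request URI only, so a form field that
    # merely mentions the path is not blocked
    # SecFilterSelective REQUEST_URI "/etc/passwd" "deny,log,status:406,redirect:/busted.html"
</IfModule>
```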
Happy Filtering!



1 comments:
While installing on an Ubuntu server this doc was a GREAT help:
http://wiki.tkoeppen.com/display/docs/howto+install+mod_security2+with+apache2+in+Ubuntu#howtoinstallmod_security2withapache2inUbuntu-2)installpreconditionsformodsecurity2