# Turn the filtering engine On or Off
SecFilterEngine On
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# Unicode encoding check
SecFilterCheckUnicodeEncoding On
# Only allow bytes from this range
SecFilterForceByteRange 0 255
# Only log actionable requests
SecAuditEngine RelevantOnly
# The name of the audit log file
SecAuditLog /var/log/apache2/audit_log
# Debug level set to a minimum
SecFilterDebugLog /var/log/apache2/modsec_debug_log
SecFilterDebugLevel 2
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# By default log and deny suspicious requests
# with HTTP status 500
SecFilterDefaultAction "deny,log,status:500"
# Add custom secfilter rules here
Of course, you can add more items; what you add depends on what you need it to filter and protect. Mod_Security does come with a performance cost; however, the security benefits far outweigh that cost. Do consider using it.
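As an added illustration (not part of the original post, and not ModSecurity's own code), the small checker below parses a ModSecurity 1.x style configuration like the one above and flags settings a reviewer would want to catch: the engine or POST scanning switched off, auditing disabled, a default action that neither denies nor logs, and the `SecFilterForceByteRange 0 255` setting from the post, which permits every byte value and therefore restricts nothing (a tighter range such as printable ASCII is what that directive is usually used for). The directive names are the ones listed in the post; the two sample configurations embedded in the script are constructed for the example, the second being a deliberately weakened copy of the first.

```python
import shlex

# Constructed sample: the directives from the post, used as the baseline.
BASELINE_CONF = """
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding On
SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog /var/log/apache2/audit_log
SecFilterDebugLog /var/log/apache2/modsec_debug_log
SecFilterDebugLevel 2
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:500"
"""

# Constructed sample: the same file after someone "temporarily" weakened it.
WEAK_CONF = """
# engine left off after debugging
SecFilterEngine Off
SecFilterScanPOST Off
SecAuditEngine Off
SecFilterDefaultAction "pass,nolog"
"""


def parse_directives(text):
    """Turn config text into a list of (directive, [args]) tuples.

    Blank lines and '#' comments are skipped; shlex keeps a quoted
    argument such as "deny,log,status:500" as one token.
    """
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        directives.append((parts[0], parts[1:]))
    return directives


def check_config(text):
    """Return a list of human-readable findings for weak or missing settings."""
    conf = {name: args for name, args in parse_directives(text)}
    findings = []

    def want_on(name):
        # A switch that should be On: missing counts as not On.
        val = conf.get(name)
        if val is None:
            findings.append(f"{name} missing (expected On)")
        elif val[0].lower() != "on":
            findings.append(f"{name} is {val[0]!r}, expected 'On'")

    for name in ("SecFilterEngine", "SecFilterScanPOST",
                 "SecFilterCheckURLEncoding", "SecFilterCheckUnicodeEncoding"):
        want_on(name)

    # Audit logging is the evidence trail; Off or missing leaves nothing to review.
    audit = conf.get("SecAuditEngine", [""])[0].lower()
    if audit in ("", "off"):
        findings.append("SecAuditEngine is Off or missing: no audit trail")

    # The full 0..255 range accepts every byte, so the directive filters nothing.
    byte_range = conf.get("SecFilterForceByteRange")
    if byte_range == ["0", "255"]:
        findings.append("SecFilterForceByteRange 0 255 permits every byte value "
                        "(no restriction)")

    # Default action: split "deny,log,status:500" into its action names.
    action_str = conf.get("SecFilterDefaultAction", [""])[0]
    actions = {a.split(":")[0].strip().lower() for a in action_str.split(",") if a}
    if "deny" not in actions:
        findings.append("SecFilterDefaultAction does not deny matching requests")
    if "log" not in actions:
        findings.append("SecFilterDefaultAction does not log matching requests")

    return findings


if __name__ == "__main__":
    for label, conf in (("baseline", BASELINE_CONF), ("weakened", WEAK_CONF)):
        print(f"== {label} ==")
        for finding in check_config(conf) or ["no findings"]:
            print("  -", finding)
```

Run against the post's own directives the checker reports only the byte-range note; against the weakened copy it lists the disabled engine, the missing encoding checks, the disabled audit log and the permissive default action, which is the kind of drift a periodic configuration review is meant to catch.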
The Hacka Man
6 comments:
First of all, great post. I am the ModSecurity Community Manager and part of my job is to "get the word" out about ModSecurity so that people know about it and what it can do for them. I love hearing that people who are conducting web assessments are recommending it as a potential solution to immediately "virtually patch" identified vulnerabilities :)
Just a quick comment, I noticed that you used ModSecurity v1 rules in your example. Are you aware of the new ModSecurity v2 version and the corresponding free Core Rules? There are many great feature enhancements that users should be aware of, however it only works on Apache 2.x hosts so ModSecurity v1 may still be the only option.
--
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
Hi Ryan, you can email me and we can discuss more.
hackathology
In my opinion mod_security has to be used with care. Like most if not all systems, it is not a perfect system to harden your application, and just installing and using it _could_ create a false sense of security.
Hi Mario, I do agree with your comments; however, mod_security will thwart almost 80-90% of the attacks compared to having no web application firewall installed. Mod_security definitely needs to be installed with care and configured with scrutiny.
hackathology