Please review http://forum.hyperois.com/viewtopic.php?t=23
This is a tutorial for server administrators who run a web server.
These are rules for Apache 2.x for better security!
P.S.: you must have Apache 2.x and ModSecurity 2 installed.
Step 1) Download and uncompress the rules
    cd /etc
    wget http://hyperois.com/files/modsec2_rules.tar.gz
    tar -xzvf modsec2_rules.tar.gz
Step 2) Edit modsec2.conf
    vi /usr/local/apache/conf/modsec2.conf
Step 3) Copy and paste these rules into your modsec2.conf
    <IfModule mod_security2.c>
    SecRuleEngine On

    # "Add the rules that will do exactly the same as the directives"
    # SecFilterCheckURLEncoding On
    # SecFilterForceByteRange 0 255

    SecAuditEngine RelevantOnly
    SecAuditLog logs/modsec_audit.log
    SecDebugLog logs/modsec_debug_log
    SecDebugLogLevel 0

    SecDefaultAction "phase:2,deny,log,status:406"

    # Let requests from localhost through without logging (dots escaped so they match literally)
    SecRule REMOTE_ADDR "^127\.0\.0\.1$" nolog,allow

    Include "/usr/local/apache/conf/modsec2.user.conf"

    SecServerSignature "Rules Powered By HyperOIS.com"

    #First, add in your exclusion rules:
    #These MUST come first!
    Include /etc/modsecurity/exclude.conf

    #Application protection rules
    Include /etc/modsecurity/rules.conf

    #Just in Time Patches for Vulnerable Applications
    Include /etc/modsecurity/jitp.conf

    #Comment spam rules
    Include /etc/modsecurity/blacklist.conf

    #Bad hosts, bad proxies and other bad players
    Include /etc/modsecurity/blacklist2.conf

    #Bad clients, known bogus useragents and other signs of malware
    Include /etc/modsecurity/useragents.conf

    #Known bad software, rootkits and other malware
    Include /etc/modsecurity/rootkits.conf

    #Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
    Include /etc/modsecurity/apache2-rules.conf
    </IfModule>
Step 5) Save and exit the file by pressing Escape, then typing
    :wq
Step 6) Let's apply the new settings by restarting Apache
    service httpd restart
or
    /etc/init.d/httpd restart
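Apache will not start if a file named on an Include line is missing, and the configuration above names nine of them, including modsec2.user.conf, which the steps never create. The following is an added example, not part of the original tutorial: a pre-flight check to run before Step 6. The function names, the sample files and the apachectl location are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the Include lines in modsec2.conf.

# Print each Include target in config file $1 that does not exist on disk.
# Relative paths are resolved against ServerRoot $2 (assumed /usr/local/apache).
# Wildcard targets are skipped and paths containing spaces are not handled;
# leave those to Apache's own syntax test (apachectl -t).
missing_includes() {
    awk 'tolower($1) == "include" { p = $2; gsub(/"/, "", p); print p }' "$1" |
    while IFS= read -r p; do
        case $p in
            *\**|*\?*) continue ;;                  # wildcard pattern
            /*) ;;                                  # absolute path, use as-is
            *) p=${2:-/usr/local/apache}/$p ;;      # relative to ServerRoot
        esac
        [ -e "$p" ] || printf '%s\n' "$p"
    done
}

# Return 0 only when every Include target exists; list missing ones on stderr.
preflight() {
    missing=$(missing_includes "$1" "$2")
    [ -z "$missing" ] && return 0
    printf 'missing Include target:\n%s\n' "$missing" >&2
    return 1
}

# Constructed sample: a cut-down modsec2.conf where only rules.conf exists.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/etc/modsecurity" "$demo_dir/conf"
: > "$demo_dir/etc/modsecurity/rules.conf"
cat > "$demo_dir/conf/modsec2.conf" <<EOF
<IfModule mod_security2.c>
SecRuleEngine On
Include "conf/modsec2.user.conf"
#Include $demo_dir/etc/modsecurity/disabled.conf
Include $demo_dir/etc/modsecurity/rules.conf
Include $demo_dir/etc/modsecurity/jitp.conf
</IfModule>
EOF
preflight "$demo_dir/conf/modsec2.conf" "$demo_dir" || echo "do not restart yet"

# On a real server (paths from the tutorial; apachectl location is an assumption):
#   preflight /usr/local/apache/conf/modsec2.conf /usr/local/apache \
#     && /usr/local/apache/bin/apachectl -t && service httpd restart
```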