Modsecurity 2 [Anti Exploits]


Please review http://forum.hyperois.com/viewtopic.php?t=23

This is a tutorial for server administrators who run a web server.
It provides a set of ModSecurity rules for Apache 2.x for better security.

P.S.: you must have Apache 2.x and Modsecurity_2 installed.


Step 1) Download and uncompress the rules


cd /etc
wget http://hyperois.com/files/modsec2_rules.tar.gz
tar -xzvf modsec2_rules.tar.gz



Step 2) Edit modsec2.conf


vi /usr/local/apache/conf/modsec2.conf



Step 3) Copy and paste these rules into your modsec2.conf


<IfModule mod_security2.c>
SecRuleEngine On
# "Add the rules that will do exactly the same as the directives"
# SecFilterCheckURLEncoding On
# SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug_log
SecDebugLogLevel 0
SecDefaultAction "phase:2,deny,log,status:406"
# Let requests from localhost bypass the rules (dots escaped so they match literally)
SecRule REMOTE_ADDR "^127\.0\.0\.1$" "nolog,allow"
Include "/usr/local/apache/conf/modsec2.user.conf"

SecServerSignature "Rules Powered By HyperOIS.com"

#First, add in your exclusion rules:
#These MUST come first!
Include /etc/modsecurity/exclude.conf

#Application protection rules
Include /etc/modsecurity/rules.conf

#Just in Time Patches for Vulnerable Applications
Include /etc/modsecurity/jitp.conf

#Comment spam rules
Include /etc/modsecurity/blacklist.conf

#Bad hosts, bad proxies and other bad players
Include /etc/modsecurity/blacklist2.conf

#Bad clients, known bogus useragents and other signs of malware
Include /etc/modsecurity/useragents.conf

#Known bad software, rootkits and other malware
Include /etc/modsecurity/rootkits.conf

#Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
Include /etc/modsecurity/apache2-rules.conf

</IfModule>



Step 5) Save and exit the file by pressing Escape, then typing

:wq



Step 6) Apply the new settings by restarting Apache

service httpd restart


or

/etc/init.d/httpd restart
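
Added example, not part of the original tutorial: a pre-flight check to run between Step 5 and Step 6. Apache will not start if a file named on an Include line from Step 3 is missing, so `missing_includes` lists every unreadable Include target in modsec2.conf and `preflight` then runs Apache's own syntax test. The function names, the default ServerRoot `/usr/local/apache` and `apachectl` being on the PATH are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article).
# missing_includes CONF [SERVERROOT]
#   Prints each Include target in CONF that is not a readable file.
#   Returns 0 when every target exists, 1 otherwise.
missing_includes() {
    conf=$1
    root=${2:-/usr/local/apache}   # assumption: ServerRoot, from the article's conf path
    rc=0
    # Non-comment Include lines only; strip the directive and optional double quotes.
    list=$(sed -n 's/^[[:space:]]*Include[[:space:]][[:space:]]*"\{0,1\}\([^"[:space:]]*\).*/\1/p' "$conf")
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        case $path in
            *[*?]*) continue ;;        # wildcard includes are left to Apache itself
            /*) ;;                     # absolute path, use as is
            *) path=$root/$path ;;     # relative paths resolve against ServerRoot
        esac
        if [ ! -r "$path" ]; then
            echo "$path"
            rc=1
        fi
    done <<EOF
$list
EOF
    return $rc
}

# preflight CONF: Include check first, then Apache's syntax test.
# Restart Apache only when this returns 0.
preflight() {
    missing_includes "$1" || { echo "missing rule files, not restarting" >&2; return 1; }
    apachectl configtest
}
```

Run `preflight /usr/local/apache/conf/modsec2.conf` and restart only if it exits 0; a failed restart on a broken config takes the web server down.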