after install mod_security

bigboy

Verified User
Joined
Nov 25, 2005
Messages
231
Location
USA
Cannot remove module mod_security.c: not found in module list

httpd error log
 
Fix your httpd.conf

60.06% High CPU load

thank in advance


httpd.conf

ServerType standalone
ServerRoot "/etc/httpd"
LockFile /var/run/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile logs/apache_runtime_status
ResourceConfig /dev/null
AccessConfig /dev/null

#Timeout 300
#KeepAlive On
#MaxKeepAliveRequests 500
#KeepAliveTimeout 15
#MinSpareServers 5
#MaxSpareServers 20
#StartServers 8
#MaxClients 450
#MaxRequestsPerChild 1000

Timeout 60
KeepAlive On
MaxKeepAliveRequests 1024
KeepAliveTimeout 15
<IfModule prefork.c>
#StartServers 5
#MinSpareServers 5
#MaxSpareServers 10
#MaxClients 150
#MaxRequestsPerChild 0
ServerLimit 1024
StartServers 10
MinSpareServers 32
MaxSpareServers 64
MaxClients 1024
MaxRequestsPerChild 0
</IfModule>

#LoadModule mmap_static_module modules/mod_mmap_static.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
<IfDefine HAVE_BANDWIDTH>
LoadModule bandwidth_module modules/mod_bandwidth.so
</IfDefine>
<IfDefine HAVE_THROTTLE>
LoadModule throttle_module modules/mod_throttle.so
</IfDefine>
LoadModule env_module modules/mod_env.so
LoadModule config_log_module modules/mod_log_config.so
LoadModule agent_log_module modules/mod_log_agent.so
LoadModule referer_log_module modules/mod_log_referer.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
LoadModule includes_module modules/mod_include.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule asis_module modules/mod_asis.so
LoadModule imap_module modules/mod_imap.so
LoadModule action_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule anon_auth_module modules/mod_auth_anon.so
#LoadModule db_auth_module modules/mod_auth_db.so
#LoadModule auth_any_module modules/mod_auth_any.so
#LoadModule dbm_auth_module modules/mod_auth_dbm.so
#LoadModule auth_ldap_module modules/mod_auth_ldap.so
#LoadModule mysql_auth_module modules/mod_auth_mysql.so
#LoadModule auth_pgsql_module modules/mod_auth_pgsql.so
#LoadModule digest_module modules/mod_digest.so
#LoadModule proxy_module modules/libproxy.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule example_module modules/mod_example.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
#<IfDefine HAVE_PERL>
#LoadModule perl_module modules/libperl.so
#</IfDefine>
<IfDefine HAVE_PHP>
LoadModule php_module modules/mod_php.so
</IfDefine>
<IfDefine HAVE_PHP3>
LoadModule php3_module modules/libphp3.so
</IfDefine>
#<IfDefine HAVE_PHP4>
#LoadModule php4_module modules/libphp4.so
#</IfDefine>
LoadModule php4_module /usr/lib/apache/libphp4.so
<IfDefine HAVE_DAV>
LoadModule dav_module modules/libdav.so
</IfDefine>
<IfDefine HAVE_ROAMING>
LoadModule roaming_module modules/mod_roaming.so
</IfDefine>
###<IfDefine HAVE_SSL>
LoadModule ssl_module modules/libssl.so
###</IfDefine>
<IfDefine HAVE_PUT>
LoadModule put_module modules/mod_put.so
</IfDefine>
<IfDefine HAVE_PYTHON>
LoadModule python_module modules/mod_python.so
LoadModule php4_module /usr/lib/apache/libphp4.so
</IfDefine>
#LoadModule frontpage_module /usr/lib/apache/mod_frontpage.so
LoadModule perl_module /usr/lib/apache/libperl.so
LoadModule security_module /usr/lib/apache/mod_security.so




<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly

SecFilterEngine On

# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"

# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1

SecServerResponseToken Off

#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "NOYB"
#SecServerSignature "Apache"

#SecUploadDir /tmp
#SecUploadKeepFiles Off

# Only record the interesting stuff
SecAuditEngine RelevantOnly
#SecAuditLog logs/audit_log
SecAuditLog /var/log/httpd/audit_log


# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log

#BY admin
#Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Prevent XSS atacks (HTML/Javascript injection)
SecFilter "<(.|n)+>"

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Prevent path traversal (..) attacks
SecFilter "../"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# END
#And now, the rules
#Remove any of these Include lines you do not use or have rules for.

#First, add in your exclusion rules:
#These MUST come first!
Include /etc/modsecurity/exclude.conf

#Application protection rules
Include /etc/modsecurity/rules.conf

#Comment spam rules
Include /etc/modsecurity/blacklist.conf

#Bad hosts, bad proxies and other bad players
Include /etc/modsecurity/blacklist2.conf

#Bad clients, known bogus useragents and other signs of malware
Include /etc/modsecurity/useragents.conf

#Known bad software, rootkits and other malware
Include /etc/modsecurity/rootkits.conf

#Signatures to prevent proxying through your server
#only rule these rules if your server is NOT a proxy
Include /etc/modsecurity/proxy.conf

#Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
#Include /etc/modsecurity/apache2-rules.conf

# Do now allow this variable value (names are ok)
SecFilterSelective ARGS_VALUES 888

SecFilter /boot
SecFilter /dev
SecFilter /etc
SecFilter /initrd
SecFilter /lib
SecFilter /lost+found
SecFilter /misc
SecFilter /mnt
SecFilter /proc
SecFilter /root
SecFilter /sbin
SecFilter /tmp
SecFilter /usr/local/directadmin/customapache
SecFilter /usr/local/directadmin
SecFilter /usr/local/mysql
SecFilter /var
SecFilter /boot/
SecFilter /dev/
SecFilter /etc/
SecFilter /initrd/
SecFilter /lib/
SecFilter /lost+found/
SecFilter /misc/
SecFilter /mnt/
SecFilter /proc/
SecFilter /root/
SecFilter /sbin/
SecFilter /tmp/
SecFilter /usr/local/directadmin/customapache/
SecFilter /usr/local/directadmin/
SecFilter /usr/local/mysql/
SecFilter /var/
SecFilter /bin/cc
SecFilter /bin/gcc


# Do not allow variables with this name
SecFilterSelective ARGS_NAMES 777


# Block various methods of downloading files to a server
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
</IfModule>



ClearModuleList
#AddModule mod_mmap_static.c
AddModule mod_vhost_alias.c
<IfDefine HAVE_BANDWIDTH>
AddModule mod_bandwidth.c
</IfDefine>
<IfDefine HAVE_THROTTLE>
AddModule mod_throttle.c
</IfDefine>
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_log_agent.c
AddModule mod_log_referer.c
#AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
#AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
#AddModule mod_auth_db.c
#AddModule mod_auth_any.c
#AddModule mod_auth_dbm.c
#AddModule auth_ldap.c
#AddModule mod_auth_mysql.c
#AddModule mod_auth_pgsql.c
#AddModule mod_digest.c
#AddModule mod_proxy.c
#AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
#AddModule mod_usertrack.c
#AddModule mod_example.c
#AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_frontpage.c
#AddModule mod_security.c

<IfDefine HAVE_PERL>
AddModule mod_perl.c
</IfDefine>
<IfDefine HAVE_PHP>
AddModule mod_php.c
</IfDefine>
<IfDefine HAVE_PHP3>
AddModule mod_php3.c
</IfDefine>
###<IfDefine HAVE_PHP4>
AddModule mod_php4.c
###</IfDefine>
<IfDefine HAVE_DAV>
AddModule mod_dav.c
</IfDefine>
<IfDefine HAVE_ROAMING>
AddModule mod_roaming.c
</IfDefine>
###<IfDefine HAVE_SSL>
AddModule mod_ssl.c
###</IfDefine>
<IfDefine HAVE_PUT>
AddModule mod_put.c
</IfDefine>
<IfDefine HAVE_PYTHON>
AddModule mod_python.c
</IfDefine>


Port 80

Listen 80
Listen 443

User apache
Group apache

ServerAdmin root@localhost
DocumentRoot "/var/www/html"

<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
 
Last edited:
you should be able to find this yourself

there are 3 places where mod_security is in your httpd.conf

LoadModule security_module /usr/lib/apache/mod_security.so

<IfModule mod_security.c>
# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly

SecFilterEngine On
.... here comes the other stuff ....
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
</IfModule>

and finally
#AddModule mod_security.c
 
Back
Top