Using mod_security and DA

rhoekman

Verified User
Joined
Jan 3, 2004
Messages
250
Location
The Netherlands
There is an intresting thread at http://www.webhostingtalk.com/showthread.php?threadid=215612 mainly discussing using mod_security with cPanel. Anyone here using it in conjunction with DA? If so, what are your settings and what should you do or not do?

For people who do not know what mod_security is you can go here http://www.modsecurity.org

Rick

Example of what I have in my httpd.conf:

# Mod_Security directives
<IfModule mod_security.c>

# Turn the filtering engine On or Off
SecFilterEngine On

# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On

# Unicode encoding check
SecFilterCheckUnicodeEncoding Off

# Only allow bytes from this range
SecFilterForceByteRange 0 255

# Only log suspicious requests
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog /var/log/audit_log

# Debug level set to a minimum
SecFilterDebugLog /var/log/modsec_debug_log SecFilterDebugLevel 0

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# By default log and deny suspicious requests
# with HTTP status 500
SecFilterDefaultAction "deny,log,status:500"

# Put in a space to reveal nothing like this
# SecServerSignature " "
# I allways wanted a Nintendo webserver ;)
SecServerSignature "Nintendo"

</IfModule>
 
Last edited:
any update about this?

mod_security is a standard security measure nowadays, i know how to do it with cpanel, but still searching and try confirm how should i install mod_security with DA.
 
Hello,

If it's just a standard apache module, which I assume it is, then you'd just add it to the configure.apache_ssl file and recompile apache with the build script. You'd add all the required apache settings to the main /etc/httpd/conf/httpd.conf.

John
 
113345 said:
In FreeBSD it is in /usr/ports/www/mod_security:

# cd /usr/ports/www/mod_security
# make
# make install

(it adds a few lines to /etc/httpd/conf/httpd.conf)
I also added the lines from the post of rhoekman to /etc/httpd/conf/httpd.conf and restarted apache.

There are many more configuration options like Rick said in his post: http://www.modsecurity.org/
and http://www.modsecurity.org/documentation/snortmodsec-rules.txt

mine was installed on /usr/local/libexec/apache, while other modules are on /usr/lib/apache/

can I jus copy it to the correct dir?

also, nothing was changed on /etc/httpd/conf/httpd.conf , but /usr/local/etc/apache/httpd.conf was...
so maybe i should set the directory when installing somehow?

thanks
 
Back
Top