mod_security

rldev

Verified User
Joined
May 26, 2004
Messages
1,072
Is there a howto on this board? Who is using it succesfully with DA and RHE? Anyone?
 
Can anyone post their rule sets for mod_security? Could save others a lot of time if you have it working with DA. Thanks.
 
Sorry rldev, I don't have a ruleset for DA.

If you get one please let me know and I'll update my guide to include the ruleset for future DA users.
 
Thanks. I will try this out over the next few days and post my results.
 
Many of those rules can't be used in a real world production server. Keep your eye on the modsecurity log as many clients will get 500 error messages and scripts will break.
 
Hello rampage,
Can you point some of the obvious ones out? If I get a good working config, I will post it here. I don't think it should be a problem, since I have mod_security installed on other servers with no problems.
 
ModSecurity Install

Hi,

I need to install this on a DA server running Red Hat 8 I have had my sites defaced twice in the same day!

I have changed the root password.
I have changed file permissions on all index type files (php, html etc)
I enabled php safemode on all domains.
I removed anonomys FTP access
I have removed Shell and Telnet Access

And yet I was hit again................

I have the mod security module on the server, but I don't understand how to recompile it for apache as a module??

After 19 hours with this I would be happy to pay someone to help get this installed and the rule set correct so I can start restoring clients.

Thanks for any help with this.

Scott
 
Has there ever been a consensus on the best set of rules to use with mod_security?

The majority of the need I see is with XSS and email vulnerabilities.

Big Wil
 
I'm working on getting a database of rules setup for the community, not an easy task. If anyones interested in participating please contact me - help would be nice ;)

info (a t) webhostgear.com

Thanks

BigWil said:
Has there ever been a consensus on the best set of rules to use with mod_security?

The majority of the need I see is with XSS and email vulnerabilities.

Big Wil
 
BigWil said:
Has there ever been a consensus on the best set of rules to use with mod_security?

The majority of the need I see is with XSS and email vulnerabilities.

Big Wil

common attempts I see are attempts to use wget, XSS exploits, awstats exploits, frontpage exploits, phpbb exploits and attempts to use lynx. Occasionally other stuff shows up so it is a good idea to have a broad range of rules.
 
Back
Top