need help on mod_security

[neorder]

here are the two HowTos i found from internet

http://admin0.info/articles/hardening/step-03.html
http://www.webhostgear.com/62.html

both are on cpanel, but i am not sure how to install and configure it with directadmin.

my first question: where is httpd.conf in DA?

on both article, is says it's in "/usr/local/apache/conf/httpd.conf "
but i don't have /usr/local/apache directory. i found mine in DA is "/etc/httpd/conf/httpd.conf", so is httpd.conf in this directory in DA?

question two: how to run mod_security setup command?

it's "/usr/local/apache/bin/apxs -cia mod_security.c" on both articles, but since i can't locate my apache/bin directory, i have no idea how to run this setup command.

thanks.

 

[DirectAdmin Support]

Hello,

httpd.conf: /etc/httpd/conf/httpd.conf

apxs: /usr/sbin/apxs -cia mod_security.c

John

 

[TheLinuxGuy]

just some word of advise some of those rules will break some scripts.

 

[neorder]

a few questions

1. do you run mod_security and grsecurity together?

2. what's affecting my phpmyadmin here? mod_security caused i was unable to access phpmyadmin, but i haven't figured out with option does it.

<IfModule mod_security.c>
    # Turn the filtering engine On or Off
    SecFilterEngine On

    # Change Server: string
    SecServerSignature " "

    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On

    # This setting should be set to On only if the Web site is
    # using the Unicode encoding. Otherwise it may interfere with
    # the normal Web site operation.
    SecFilterCheckUnicodeEncoding Off

    # Only allow bytes from this range
    SecFilterForceByteRange 1 255

    # The audit engine works independently and
    # can be turned On of Off on the per-server or
    # on the per-directory basis. "On" will log everything,
    # "DynamicOrRelevant" will log dynamic requests or violations,
    # and "RelevantOnly" will only log policy violations
    SecAuditEngine RelevantOnly

    # The name of the audit log file
    SecAuditLog /var/log/httpd/audit_log

    # Should mod_security inspect POST payloads
    SecFilterScanPOST On

    # Action to take by default
    SecFilterDefaultAction "deny,log,status:500"

    # Require HTTP_USER_AGENT and HTTP_HOST in all requests
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Prevent path traversal (..) attacks
    SecFilter "../"

    # Weaker XSS protection but allows common HTML tags
    SecFilter "<[[:space:]]*script"

    # Prevent XSS atacks (HTML/Javascript injection)
    SecFilter "<(.|n)+>"

    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"

    # Protecting from XSS attacks through the PHP session cookie
    SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
</IfModule>

thanks