PHP Security / Mod_security

RayManZ

Hi,

I just found something out today.

I have Mod_security running on my server and open_basedir is enabled so people can't read any file. At least that was what I thought.

PHP:
<?php
// Open the filesystem root and list every entry in it (the test case from the post).
// With open_basedir enabled, opendir('/') should fail and the '@' hides the warning.
if ($dir = @opendir('/')) {
  while (($file = readdir($dir)) !== false) {
    echo "$file\n";
  }
  closedir($dir);
}
?>

If you haven't got open_basedir enabled, people could read all the content of your server with this code. Now I have it enabled, but when you know where the files are you could still view them.

The stupid thing is I have mod_security running but it doesn't seem to work at all, because you can still use the "echo" command, but that one is on the filter list...

Does somebody know how to solve this problem?

Here is my mod_security file:
Code:
<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine DynamicOnly

# Debug level set to a minimum
SecFilterDebugLog logs/modsec_debug_log
SecFilterDebugLevel 0

# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"

# allow phpmyadmin
<Location /phpMyAdmin/>
SecFilterInheritance Off
</Location>
<Location /phpmyadmin/>
SecFilterInheritance Off
</Location>

# normalise cookies
SecFilterNormalizeCookies Off
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1

# Change Server: string
SecServerSignature "Apache"

# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# The audit engine works independently and
# can be turned On of Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# Action to take by default
SecFilterDefaultAction "deny,log,status:403"

## ## ## ## ## ## ## ## ## ##
## ## ## ## ## ## ## ## ## ##

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
# SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

SecFilter "viewtopic\.php\?" chain
SecFilter "chr\(([0-9]{1,3})\)" "deny,log"

# Block various methods of downloading files to a server
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
</IfModule>

Oh, and sorry for the not so good English :p I'm not English, you know. Just a stupid Dutchman

Thank you :D

Edit:

Ok, stupid me. Mod_sec is only for the URLs of course. But then again, how do I fix this problem in a simple way?
I use open_basedir and it isn't the case here; even if you know where the files are, there is an access denied entry in the httpd logs. Perhaps you have an incorrect configuration for it.

Hi

It's probably a good idea to check the httpd.conf of your users:
/usr/local/directadmin/data/users/$user/httpd.conf


You can run grep open_basedir /usr/local/directadmin/data/users/$user/httpd.conf and you should get back something like mine below. If in any case your line starts with a # then it isn't active at all.


[root@fast-xs ~]# grep open_basedir /usr/local/directadmin/data/users/caserio/httpd.conf
php_admin_value open_basedir /home/caserio/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/
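The grep check from the reply above, turned into a small audit over every user in the DirectAdmin users directory; this is an added example, not from the thread or from DirectAdmin. It distinguishes an active php_admin_value open_basedir line from a commented-out one (the '#' case the reply warns about) and from a config with no line at all. The directory layout is the one quoted in the reply; the three sample httpd.conf files are constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the thread): audit each DirectAdmin user's httpd.conf for an
# ACTIVE php_admin_value open_basedir line, since a line starting with '#' does nothing.
# The users directory layout is the one quoted above; the demo tree below is constructed.

# check_open_basedir CONF -> prints one of: active, commented, missing
check_open_basedir() {
  conf="$1"
  if [ ! -f "$conf" ]; then
    echo "missing"
  elif grep -Eq '^[[:space:]]*php_admin_value[[:space:]]+open_basedir[[:space:]]+[^[:space:]]' "$conf"; then
    echo "active"
  elif grep -Eq '^[[:space:]]*#.*open_basedir' "$conf"; then
    echo "commented"   # present but disabled: exactly the case the reply warns about
  else
    echo "missing"
  fi
}

# audit_users ROOT -> one report line per user; exit status = number of unrestricted users
audit_users() {
  root="$1"
  bad=0
  for conf in "$root"/*/httpd.conf; do
    user=$(basename "$(dirname "$conf")")
    state=$(check_open_basedir "$conf")
    printf '%-10s %s\n' "$user" "$state"
    [ "$state" = "active" ] || bad=$((bad + 1))
  done
  return "$bad"
}

# Constructed demo tree standing in for /usr/local/directadmin/data/users
DEMO=$(mktemp -d)
mkdir -p "$DEMO/caserio" "$DEMO/alice" "$DEMO/bob"
echo 'php_admin_value open_basedir /home/caserio/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/' > "$DEMO/caserio/httpd.conf"
echo '#php_admin_value open_basedir /home/alice/:/tmp/' > "$DEMO/alice/httpd.conf"
echo 'DocumentRoot /home/bob/domains/example.com/public_html' > "$DEMO/bob/httpd.conf"

if audit_users "$DEMO"; then
  echo "every user has an active open_basedir"
else
  echo "some users are NOT restricted by open_basedir (see report above)"
fi
```

On a real server, point audit_users at /usr/local/directadmin/data/users instead of the demo tree; a non-zero exit status is the number of users whose PHP is not confined.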