I have found some free sets of mod_security rules on the net. For example: http://static.askapache.com/httpd/m...he_2.1.4/rules/modsecurity_crs_10_config.conf (I changed its name to something else)
But when I add it beside the current modsecurity_crs_10_config (that is listed below), it doesn't load the websites (I don't know why)
Code:
#SecRuleEngine DetectionOnly
SecRuleEngine On
SecDataDir /var/log/httpd/
SecDebugLog /var/log/httpd/modsec-debug.log
SecDebugLogLevel 1
Another one that I have found is https://github.com/SpiderLabs/ModSecurity/blob/master/modsecurity.conf-recommended, but I haven't yet tested it.
Anyway, unfortunately there isn't a good tutorial about mod_security version 2 and only its useful directives.
++++++
On the other hand, a very rich set of rules that I've found is the OWASP mod_security CRS at https://github.com/SpiderLabs/owasp-modsecurity-crs
Taking a look at the official installation guide, they have said:
1) The modsecurity_crs_10_config.conf includes management rules and directives
that can control important CRS functions. Pay attention to
the SecRuleEngine setting (On by default) and that the SecDefaultAction
directive is set to "pass". The 49 inbound blocking and 59 outbound blocking
rules files use the "block" action which
inherits this setting. The effectively means that you can toggle the
SecDefaultAction setting to decide if you would like to deny on an
anomaly scoring/correlation match.
But their recommended modsecurity_crs_10_config.conf doesn't have the SecRuleEngine setting On at all!
Also, there is not a clear installation guide. It's very hard to understand.
Someone please help me to increase my server security. I have been hacked 3 times, and had 2 DDOS attacks in the past week, one of which was very hard.
Thank you
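
An added example, not part of the original post or of the CRS project: a small Python check that reads ModSecurity config text, reports which file sets SecRuleEngine (if any) and which disruptive action each SecDefaultAction sets per phase, and from that what a rule using "block" would do. The file names, sample contents, and the helper names `audit` and `block_outcome` are constructed for illustration; dict order stands in for load order.

```python
import re

# Constructed sample input (not the real CRS files), in assumed load order.
SAMPLE_FILES = {
    "modsecurity_crs_10_config.conf": '''
SecDefaultAction "phase:1,pass,log"
SecDefaultAction "phase:2,pass,log"
''',
    "local_engine.conf": '''
#SecRuleEngine DetectionOnly
SecRuleEngine On
SecDebugLogLevel 1
''',
}
DISRUPTIVE = {"pass", "deny", "drop", "allow", "redirect", "proxy"}

def audit(files):
    """Return (engine, defaults): the last SecRuleEngine seen as (value, file)
    or None, and the disruptive action SecDefaultAction sets per phase."""
    engine, defaults = None, {}
    for name, text in files.items():
        for raw in text.splitlines():
            line = raw.strip()
            m = re.match(r'(\w+)\s+"?([^"]*)"?\s*$', line)
            if not m or line.startswith("#"):
                continue  # blank lines and comments carry no setting
            directive, value = m.group(1).lower(), m.group(2).strip()
            if directive == "secruleengine":
                engine = (value, name)  # a later setting replaces an earlier one
            elif directive == "secdefaultaction":
                acts = [a.strip().split(":")[0:2] for a in value.split(",")]
                phase = next((a[1] for a in acts if a[0] == "phase" and len(a) > 1), "2")
                defaults[phase] = next((a[0] for a in acts if a[0] in DISRUPTIVE), None)
    return engine, defaults

def block_outcome(engine, defaults, phase="2"):
    """What a rule using the "block" action does in the given phase."""
    if engine is None:
        return "SecRuleEngine not set in these files"
    mode = engine[0].lower()
    if mode == "off":
        return "rules not processed"
    action = defaults.get(phase) or "no disruptive default found"
    return f"log only (would {action})" if mode == "detectiononly" else action

if __name__ == "__main__":
    eng, dfl = audit(SAMPLE_FILES)
    print("SecRuleEngine:", eng, "| defaults:", dfl)
    print('"block" in phase 2 ->', block_outcome(eng, dfl))
```

With SecDefaultAction left at "pass", the sample reports that "block" rules only pass (and log) even with the engine On; changing the default to "deny" is the toggle the quoted guide text describes.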