Sysop:Mod Security

From immerda
How Mod Security works

Mod_Security is a module for the Apache web server that checks every request to the web server against rulesets. You can easily create your own ruleset, as well as activate or deactivate individual rules. It is recommended for any non-static web application that can be attacked through simple POST and/or GET requests.

Installation

Gentoo

On Gentoo, emerge it:

emerge mod_security

and then add

-D SECURITY

in /etc/conf.d/apache2. It seems that you also have to enable mod_unique_id, which can be done by uncommenting the LoadModule line for this module in /etc/apache2/httpd.conf.

Then we need to tweak some configuration:

/etc/apache2/modules.d/mod_security/modsecurity_crs_10_config.conf

Change the log directory from /logs to /var/log/apache2/. The log directives should then look like this:

SecAuditLog /var/log/apache2/modsec_audit.log
SecDebugLog /var/log/apache2/modsec_debug.log


You can put additional rules in /etc/apache2/modules.d/mod_security/. For example, you can download additional rules from gotroot.

other

Documentation

turn it off

For example, to turn it off for a single VHost, just place this in that VHost's configuration:

<IfModule mod_security2.c>
    SecRuleEngine Off
</IfModule>

Or you can turn it off globally in /etc/apache2/modules.d/mod_security/modsecurity_crs_10_config.conf and then add this to each VHost where you want to enable it:

<IfModule mod_security2.c>
    SecRuleEngine On
</IfModule>

Rules

On gotroot you can find additional rules, which sometimes seem a bit tight for your needs. However, it's good to load them and test them for your needs.
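One way to see which rules are too tight while testing, as an added example that is not part of the original page: the Python code below tallies rule ids per request path from the audit log set with SecAuditLog. It assumes the ModSecurity 2.x serial audit log format with sections B and H written; the sample log, its rule ids and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")  # e.g. --a1b2c3d4-H--
RULE_ID = re.compile(r'\[id "(\d+)"\]')
# Constructed sample in ModSecurity 2.x serial audit log format; rule ids are made up.
SAMPLE_LOG = """\
--a1b2c3d4-A--
[01/Jan/2024:10:00:00 +0000] AAAAAAAAAAAAAAAAAAAAAAAA 192.0.2.10 40000 192.0.2.1 80
--a1b2c3d4-B--
GET /index.php?id=1 HTTP/1.1
--a1b2c3d4-H--
Message: Warning. Pattern match "x" at ARGS:id. [id "900001"] [msg "constructed rule A"]
--a1b2c3d4-Z--
--e5f6a7b8-A--
[01/Jan/2024:10:00:05 +0000] BBBBBBBBBBBBBBBBBBBBBBBB 192.0.2.11 40001 192.0.2.1 80
--e5f6a7b8-B--
POST /login.php HTTP/1.1
--e5f6a7b8-H--
Message: Warning. Pattern match "x" at ARGS:user. [id "900001"] [msg "constructed rule A"]
Message: Access denied with code 403 (phase 2). [id "900002"] [msg "constructed rule B"]
--e5f6a7b8-Z--
"""

def parse_entries(text):
    """Yield one dict per transaction: section letter -> lines of that section."""
    entry, section = {}, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m and m.group(2) == "Z":      # Z closes the transaction
            yield entry
            entry, section = {}, None
        elif m:
            section = m.group(2)
            entry[section] = []
        elif section:
            entry[section].append(line)

def tally_rules(text):
    """Return (hits per rule id, request paths per rule id) from section H messages."""
    hits, paths = Counter(), defaultdict(set)
    for entry in parse_entries(text):
        request = (entry.get("B") or [""])[0].split()   # B = request headers
        path = request[1].split("?")[0] if len(request) > 1 else "-"
        for line in entry.get("H", []):                 # H = audit trailer
            if line.startswith("Message:"):
                for rule_id in RULE_ID.findall(line):
                    hits[rule_id] += 1
                    paths[rule_id].add(path)
    return hits, paths
```

To use it on a real log, pass the contents of /var/log/apache2/modsec_audit.log to tally_rules(); rule ids that fire often on legitimate paths are the candidates to deactivate or adjust.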

Blacklists to mod_sec rules