I want ModSecurity rules, do you have it?

Discussion in 'Security' started by qualityhostings, Aug 2, 2008.

  1. #1
    Hey

    I am looking for ModSecurity rules for Apache version 2.
    I have a set of rules for Apache 1 and it is working fine, but now I am looking for 2.

    Please let me know the link if you know it.

    Regards
     
    qualityhostings, Aug 2, 2008 IP
  2. Yousif

    #2
    Extract the files into a new folder called security2 (that's what I would name it). There are 9 config files that we need to include into mod_security.

    ((HOW-TO))

    <IfModule mod_security2.c>

    SecRuleEngine On
    SecDefaultAction log,auditlog,deny,status:403,phase:2,t:lowercase,t:replaceNulls,t:compressWhitespace

    SecAuditEngine RelevantOnly
    SecAuditLogType Serial
    SecAuditLog logs/mod_security2.log


    ## -- General rules --------------------

    SecRule ARGS "c:/" t:normalisePathWin
    SecRule ARGS "\.\./" t:normalisePathWin
    SecRule ARGS "d:/" t:normalisePathWin

    ## -- phpBB attack --------------------
    SecRule ARGS:highlight "(\x27|%27|\x2527|%2527)"

    #GotRoot Exclude rules
    Include conf/security2/exclude.conf

    #GotRoot apache2 rules
    Include conf/security2/apache2-rules.conf

    #GotRoot blacklist rules
    Include conf/security2/blacklist.conf

    #GotRoot blacklist2 rules
    Include conf/security2/blacklist2.conf

    #GotRoot jitp rules
    Include conf/security2/jitp.conf

    #GotRoot recons rules
    Include conf/security2/recons.conf

    #GotRoot rootkits rules
    Include conf/security2/rootkits.conf

    #GotRoot rules
    Include conf/security2/rules.conf

    #GotRoot useragents rules
    Include conf/security2/useragents.conf

    </IfModule>


    Exclude.conf MUST be loaded first per GotRoot's instructions. Note: This is not a universal config, it may block certain traffic, as all websites are different. Configure it how you want. You may need to adjust some rules, or take out some. If you run into an issue, look at the security log and then comment out the rule that is affecting legitimate traffic in its conf file; simply add a # in front to negate that rule.
     
    Yousif, Aug 2, 2008 IP
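The troubleshooting step in post #2 (check the security log, then comment out the rule that blocks legitimate traffic) can be scripted. This is an added example, not part of the original thread or GotRoot's code; the log excerpt, file paths, line numbers and rule id are constructed samples in the ModSecurity 2.x Serial audit log layout.

```python
import re
from collections import defaultdict

# Constructed sample in the ModSecurity 2.x "Serial" audit log layout
# (paths, addresses, line numbers and the rule id are made up for illustration).
SAMPLE_LOG = r'''--1a2b3c4d-A--
[02/Aug/2008:10:15:32 +0000] tx0001 192.0.2.10 51234 192.0.2.1 80
--1a2b3c4d-B--
GET /viewtopic.php?t=5&highlight=O%27Reilly HTTP/1.1
Host: forum.example.test
--1a2b3c4d-H--
Message: Access denied with code 403 (phase 2). Pattern match "(\x27|%27|\x2527|%2527)" at ARGS:highlight. [file "/etc/httpd/conf/modsec2.conf"] [line "18"]
Action: Intercepted (phase 2)
--1a2b3c4d-Z--
--5e6f7a8b-A--
[02/Aug/2008:10:16:02 +0000] tx0002 192.0.2.11 51300 192.0.2.1 80
--5e6f7a8b-B--
GET /search.php?highlight=don%27t HTTP/1.1
Host: forum.example.test
--5e6f7a8b-H--
Message: Access denied with code 403 (phase 2). Pattern match "(\x27|%27|\x2527|%2527)" at ARGS:highlight. [file "/etc/httpd/conf/modsec2.conf"] [line "18"]
Message: Warning. Pattern match "libwww-perl" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/conf/security2/useragents.conf"] [line "40"] [id "999001"]
--5e6f7a8b-Z--
'''

BOUNDARY = re.compile(r'^--[0-9a-f]+-([A-Z])--$')   # e.g. --1a2b3c4d-H--
TAG = re.compile(r'\[(file|line|id) "([^"]*)"\]')    # metadata tags on a Message line

def blocking_rules(log_text):
    """Map (file, line, id) of each rule that denied a request to the request lines it blocked."""
    hits, section, request = defaultdict(list), None, None
    for raw in log_text.splitlines():
        m = BOUNDARY.match(raw)
        if m:
            section = m.group(1)
            if section == 'A':       # part A opens a new transaction
                request = None
            continue
        if section == 'B' and request is None and raw:
            request = raw            # first line of part B is the request line
        elif section == 'H' and raw.startswith('Message: Access denied'):
            tags = dict(TAG.findall(raw))
            key = (tags.get('file'), tags.get('line'), tags.get('id'))  # id is None for rules without one
            hits[key].append(request)
    return dict(hits)

if __name__ == '__main__':
    for (path, line, rule_id), reqs in blocking_rules(SAMPLE_LOG).items():
        print(f'{path}:{line} id={rule_id} blocked {len(reqs)}: {reqs}')
```

The file and line in each key point at the exact rule to review; warning-only messages are skipped because they did not block the request.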
  3. qualityhostings

    #3
    Thanks, but you forgot to post the link for downloading the rules.
    If it is from GotRoot, I have tried it and it never worked for me and gave an Apache failure.
     
    qualityhostings, Aug 2, 2008 IP
  4. Yousif

    #4
    Yousif, Aug 2, 2008 IP
  5. Lerris

  6. Economist

    #6
    Rules from gotroot are pretty good, I use it :)
     
    Economist, Aug 8, 2008 IP
  7. nimhost

    #7
    There are more good rules you can get from this website; it also has an automatic install script :)

    You can get it from 403 security.
     
    nimhost, Aug 15, 2008 IP