dirtbag Guru
Joined: 18 Feb 2003 Posts: 508 Location: NC
Posted: Sun Apr 08, 2007 2:46 pm Post subject: mod_security 1.9.4 from portage
hey, I just installed this on my server cuz I had someone drop some kinda bot in my /dev/shm dir.
I've got it installed, configured my /etc/conf.d/apache2 to enable the -D SECURITY
when I restart my apache server, I can't get to ANY of my webserver pages..
it seems they're all denied by the rules..
I looked over the default rules in /etc/apache2/modules.d/99_mod_security.conf
but I don't see anything that specifically needs to be changed..
are the default rulesets ok to use or do you have to modify them?
mod_security-message: Access denied with code 500. Pattern match "!(mod_security|mozilla)" at HEADER
mod_security-action: 500
so
# Only allow our own test utility to send requests (or Mozilla)
SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"
seems to be the culprit..
is that the only rule that needs to be tweaked?
I found this set of rules too
http://www.linuxtechs.net/mod_security
what do y'all suggest for a good set of default rules?
-db

steveb Advocate
Joined: 18 Sep 2002 Posts: 4564
Posted: Sun Apr 08, 2007 3:18 pm
Phuuu... it has been a long time since I used the mod_security 1.x series. Currently I use 2.1.0 with my custom-made ebuild.
Anyway... if you are looking for good rules, then have a look at Got Root
BTW: The rule you mentioned is a negative rule. So each browser which is not reporting to be mozilla or mod_security will get an error 500. Disable it! It would be better to get other rules from Got Root
cheers
Steve

dirtbag Guru
Joined: 18 Feb 2003 Posts: 508 Location: NC
Posted: Sun Apr 08, 2007 3:56 pm Post subject: schweet!
thanks.. that's awesome.. just what I was looking for.. I see that there's many different rulesets and it says for apache2 (which I'm using) to use them all. but I don't see how to. should I just cat them all into 1 big rules file, or can I modify the /etc/apache2/modules.d/99_mod_security.conf to include them all? I looked at the FAQ on the gotroot page and some other docs, but it didn't say.
-db

hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
Posted: Wed May 09, 2007 2:32 pm
Hello
Not to get off topic.. but what are your opts for /dev/shm in /etc/fstab?
You might want to see if you have nodev,nosuid,noexec for that.
Code:
none /dev/shm tmpfs nodev,nosuid,noexec 0 0
hanji
_________________
Server Admin Blog - Uno-Code.com
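
The check hanj describes can be scripted, as an added example that is not part of the thread. The function name missing_shm_opts and the sample line are constructed here; the function reads any table in the fstab or /proc/mounts layout.

```shell
#!/bin/sh
# Added example (not from the thread): audit the mount options of /dev/shm.
#
# missing_shm_opts [FILE]
#   FILE uses the fstab / /proc/mounts layout:
#     device  mountpoint  fstype  options  dump  pass
#   Defaults to /proc/mounts (the live state); "-" reads standard input.
#   Prints the required options the /dev/shm entry lacks, space separated.
#   Returns 0 if nodev, nosuid and noexec are all set,
#           1 if at least one is missing,
#           2 if the table has no /dev/shm entry.
missing_shm_opts() {
    table=${1:-/proc/mounts}
    # Skip comment lines; the last /dev/shm line wins because a later
    # mount on the same mountpoint shadows an earlier one.
    opts=$(awk '$1 !~ /^#/ && $2 == "/dev/shm" { o = $4 } END { print o }' "$table")
    [ -n "$opts" ] || return 2

    missing=""
    for want in nodev nosuid noexec; do
        # Wrap in commas so that "exec" never matches "noexec" and vice versa.
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    missing=${missing# }

    if [ -z "$missing" ]; then
        return 0
    fi
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample line (not the poster's real fstab): only nosuid is set,
# so the function reports "nodev noexec".
printf '%s\n' 'none /dev/shm tmpfs rw,nosuid 0 0' | missing_shm_opts - || true
```

With no argument the function checks the live mount table in /proc/mounts; pass /etc/fstab to check what will apply at the next boot.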