아파치 modsecurity 설치 및 테스트

설치환경
centos5.11(x86)
apache-2.0.65
modsecurity-2.5.11


mod_unique_id 설치

# /usr/local/src/httpd-2.0.65/modules/metadata

# /usr/local/apache-2.0.65/bin/apxs -cia mod_unique_id.c

설치가 안되어 있을 경우 차단은 되지만 로그가 남지 않음


apr설치

wget http://apache.mirror.cdnetworks.com/apr/apr-1.7.0.tar.gz
./configure --prefix=/usr/local/apr
make && make install

apr-util설치

wget http://apache.mirror.cdnetworks.com/apr/apr-util-1.6.1.tar.gz
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make && make install

pcre설치

# wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz

# ./configure --prefix=/usr/local/pcre --with-apr=/usr/local/apr

# make && make install

Modsecurity설치

# wget https://master.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.5.11/modsecurity-apache_2.5.11.tar.gz

# ./configure --with-apxs=/usr/local/apache-2.0.65/bin/apxs --with-apr=/usr/local/apr/bin/apr-1-config --with-pcre=/usr/local/pcre/bin/pcre-config

# make && make install

룰셋 적용

첨부파일

0.00MB

ModSecurity_1x_hosting_090311.conf - 1.9.x 버전 호스팅업체용
ModSecurity_1x_SMB_090311.conf - 1.9.x 버전 중소기업용
ModSecurity_2x_hosting_09311.conf - 2.x 버전 호스팅업체용

ModSecurity_2x_SMB_09311.conf - 2.x 버전 중소기업용
modsecurity-2.9.3에 적용할경우 id값을 입력해줘야함


httpd.conf에 include추가


테스트

# curl http://127.0.0.1/index.test?file=../../etc/passwd

룰 예외 적용할 경우

<LocationMatch "경로 및 파일명">
SecRuleEngine off
</LocationMatch>

첨부파일

0.00MB

참고
https://aonenetworks.tistory.com/631
https://www.yongbok.net/blog/apache-%EC%97%90-modsecurity-%EB%AA%A8%EB%93%88-%EC%84%A4%EC%B9%98%ED%95%98%EA%B8%B0/
https://github.com/spiderLabs/owasp-modsecurity-crs
https://linuxis.tistory.com/305
https://www.enteroa.com/tag/mod_security/