This can be changed by editing the nf file: nano /etc/modsecurity/nfįind this line SecRuleEngine DetectionOnly The default configuration file is set to DetectionOnly which logs requests according to rule matches and doesn’t block anything. Out of the box, modsecurity doesn’t do anything as it needs rules to work.
rw-r- 1 root root 0 Oct 19 08:08 /var/log/apache2/modsec_audit.log You’ll find a new log file for mod_security in the Apache log directory: ls -l /var/log/apache2/modsec_audit.log Modsecurity’s installation includes a recommended configuration file which has to be renamed: mv /etc/modsecurity/nf You should see a module named security2_module (shared) which indicates that the module was loaded. Verify if the mod_security module was loaded.
Modsecurity is available in the Debian/Ubuntu repository: apt-get install libapache2-modsecurity In order to complete this tutorial, you will need LAMP installed on your server. For Apache, it is an additional module which makes it easy to install and configure. It supports a flexible rule engine to perform simple and complex operations and comes with a Core Rule Set (CRS) which has rules for SQL injection, cross site scripting, Trojans, bad user agents, session hijacking and a lot of other exploits. Mod security is a free Web Application Firewall (WAF) that works with Apache, Nginx and IIS.
0 kommentar(er)
