Problem width mod_security

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Problem width mod_security

Postby master_bct » 05. April 2006 07:24

I'm installed Xampp for Windowns.
Apache, MySQL, FileZilla working.

After I'm install module mod_security :

- Create a folder .../modules/mod_security/
- Copy to that folder: mod_security.so and the files msvcr80.dll and Microsoft.VC80.CRT.manifest.


After Add to httpd.conf:

LoadModule security_module modules/mod_security/mod_security.so

#
# Configuration Example for mod_security

<IfModule mod_security.c>

# Turn ModSecurity On
SecFilterEngine On

#SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Server masking is optional
# SecServerSignature "Steffen :)"

#SecUploadDir logs
#SecUploadKeepFiles Off

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/sec.log

## -- Common attacks --------------------

SecFilterDefaultAction "deny,log,msg:'Common attacks',status:403"

#Web Proxy GET Request
SecFilter "^GET (http|https|ftp)\:/"
#Web Proxy HEAD Request
SecFilter "^HEAD (http|https|ftp)\:/"
#Proxy POST Request
SecFilter "^POST (http|https|ftp)\:/"
#Proxy CONNECT Request
SecFilterSelective THE_REQUEST "^CONNECT "

# Only accept request encodings we know how to handle.
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;)"

# Do not accept GET or HEAD requests with bodies
SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Length "!^$"

# Restrict which request methods can be used
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD|POST)$"

# Restrict protocol versions.
SecFilterSelective SERVER_PROTOCOL "!^HTTP/(0\.9|1\.0|1\.1)$"

# Require Content-Length to be provided with every POST request.
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't know how to handle
SecFilterSelective HTTP_Transfer-Encoding "!^$"

## -- PHP attacks --------------------

SecFilterSignatureAction "log,deny,msg:'PHP attack'"

# Possible code execution attack (targets valid PHP streams constructs)
SecFilterSelective ARGS_NAMES "^php:/"

#phpBB attack
SecFilterSelective ARG_highlight "(\x27|%27|\x2527|%2527)"

## -- Awstats-------------------------

SecFilterSignatureAction "log,deny,msg:'Awstats Attack'"
SecFilterSelective ARGS_NAMES "configdir"

## -- SQL Injection Attacks --------------------

SecFilterSignatureAction "log,deny,msg:'SQL Injection attack'"

# Generic
SecFilterSelective ARGS "delete[[:space:]]+from"
SecFilterSelective ARGS "drop[[:space:]]+database"
SecFilterSelective ARGS "drop[[:space:]]+table"
SecFilterSelective ARGS "drop[[:space:]]+column"
SecFilterSelective ARGS "drop[[:space:]]+procedure"
SecFilterSelective ARGS "create[[::space:]]+table"
SecFilterSelective ARGS "update.+set.+="
SecFilterSelective ARGS "insert[[:space:]]+into.+values"
SecFilterSelective ARGS "select.+from"
SecFilterSelective ARGS "bulk[[:space:]]+insert"
SecFilterSelective ARGS "union.+select"
SecFilterSelective ARGS "or.+1[[:space:]]*=[[:space:]]1"
SecFilterSelective ARGS "alter[[:space:]]+table"
SecFilterSelective ARGS "or 1=1--'"
SecFilterSelective ARGS "'.+--"

# MySQL
SecFilterSelective ARGS "into[[:space:]]+outfile"
SecFilterSelective ARGS "load[[:space:]]+data
SecFilterSelective ARGS "/\*.+\*/"


## -- Command execution --------------------

SecFilterSignatureAction "log,deny,msg:'Command execution attack'"

SecFilterSelective ARGS_VALUES "^(uname|id|ls|rm|kill)"
SecFilterSelective ARGS_VALUES "^(ls|id|pwd|wget)"
SecFilterSelective ARGS_VALUES ";[[:space:]]*(ls|id|pwd|wget)"

</IfModule>


Restart Apache but Apache not working :( .

Somebody help me??? [/quote]
master_bct
 
Posts: 4
Joined: 05. April 2006 07:04

Postby Wiedmann » 05. April 2006 13:23

This module is for Apache 2.2.x?
Wiedmann
AF Moderator
 
Posts: 17106
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Yes

Postby master_bct » 06. April 2006 02:05

Yes. Mod Security is for Apache 2.2

File: Download File Mod_Security
master_bct
 
Posts: 4
Joined: 05. April 2006 07:04

Postby WorldDrknss » 06. April 2006 03:08

try changing

<IfModule mod_security.c>
to
<IfModule mod_security>

or

<IfModule mod_security.c>
to
<IfModule mod_security.so>
http://wdguides.org - XAMPP Tutorials & MORE!!!!
User avatar
WorldDrknss
 
Posts: 292
Joined: 17. September 2005 13:40

Postby Wiedmann » 06. April 2006 13:06

Yes. Mod Security is for Apache 2.2

Fine. BTW: I havn't test this module.

- Create a folder .../modules/mod_security/
- Copy to that folder: mod_security.so and the files msvcr80.dll and Microsoft.VC80.CRT.manifest.

That's wrong:
- copy "mod_security.so" to "\xampp\apache\modules"
- copy "msvcr80.dll" to "\xampp\apache\bin"
- copy "Microsoft.VC80.CRT.manifest" to "\xampp\apache\bin"

Code: Select all
LoadModule security_module modules/mod_security/mod_security.so

Should be:
Code: Select all
LoadModule security_module modules/mod_security.so


Code: Select all
<IfModule mod_security.c>

Should be:
Code: Select all
<IfModule security_module>
Wiedmann
AF Moderator
 
Posts: 17106
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Postby master_bct » 10. April 2006 01:03

I can't working width modify basic or Wiedmann.

I add:
Basic:
Code: Select all
LoadModule security_module modules/mod_security/mod_security.so

Or
Modify:
Code: Select all
LoadModule security_module modules/mod_security.so


Apache don't working.
master_bct
 
Posts: 4
Joined: 05. April 2006 07:04

Postby Izzy » 25. April 2006 18:26

There are some syntax errors in the above httpd.conf file that will prevent the Apache server from starting.
The following should be edited or just use the # character at the begining of the line to test if your server starts first.
Then do the edits and remove the # character if your server starts.
# Generic
SecFilterSelective ARGS "delete[[:space:]]+from"
SecFilterSelective ARGS "drop[[:space:]]+database"
SecFilterSelective ARGS "drop[[:space:]]+table"
SecFilterSelective ARGS "drop[[:space:]]+column"
SecFilterSelective ARGS "drop[[:space:]]+procedure"
SecFilterSelective ARGS "create[[::space:]]+table"
SecFilterSelective ARGS "update.+set.+="
SecFilterSelective ARGS "insert[[:space:]]+into.+values"
SecFilterSelective ARGS "select.+from"
SecFilterSelective ARGS "bulk[[:space:]]+insert"
SecFilterSelective ARGS "union.+select"
SecFilterSelective ARGS "or.+1[[:space:]]*=[[:space:]]1"
SecFilterSelective ARGS "alter[[:space:]]+table"
# SecFilterSelective ARGS "or 1=1--'"
# SecFilterSelective ARGS "'.+--"


(these 2 lines are suspect - possibly should have a start and end ' )
SecFilterSelective ARGS "or '1=1--'"
SecFilterSelective ARGS "'.+--'"


# MySQL
SecFilterSelective ARGS "into[[:space:]]+outfile"
# SecFilterSelective ARGS "load[[:space:]]+data
SecFilterSelective ARGS "/\*.+\*/"

(This line has no closing " for sure)
SecFilterSelective ARGS "load[[:space:]]+data"

Even the smallest syntax error will prevent your Apache server from starting.
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06

Postby foxxx428 » 28. April 2006 00:24

I just loaded up the latest xampp and the latest mod security. Apache starts just fine. Here's what I noticed.

Code: Select all
# Install:

- Create a folder .../modules/mod_security/
- Copy to that folder: mod_security.so and the files msvcr80.dll and Microsoft.VC80.CRT.manifest.
  The ms files are necessary because the module is build with Visual C++ 2005, which supports a new deployment model (to prevent dll conflicts).


That means in the modules folder, create a subfolder called mod_security and place your 3 files in there OR

Code: Select all
# Add to your httpd.conf

LoadModule security_module modules/mod_security/mod_security.so


Change

Code: Select all
LoadModule security_module modules/mod_security/mod_security.so


to

Code: Select all
LoadModule security_module modules/mod_security.so


Other than than maybe a misplaced directive, I can't see any other reason why apache won't start.
User avatar
foxxx428
 
Posts: 33
Joined: 20. December 2004 22:21


Return to XAMPP for Windows

Who is online

Users browsing this forum: dstang and 37 guests