I saw other post asking about this as the information can be very confusing....:
Note: This step by step baby tutorial (the best kind ) on installing `mod_security' is what I did to get it working while for:`xampp v1.7.1 standalone/portable' (which is Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9) on Windows XP SP3.
mod_security-2.5.9-win32.zip 13 Mar '09 1469K
http://www.apachelounge.com/download/mo ... -win32.zip
check for new versions here: http://www.apachelounge.com/download/
Huge Thanks for the windows installing go to *glsmith* at http://www.apachelounge.com
(see the post here: http://www.apachelounge.com/viewtopic.php?t=3018 )
1. Install if you haven't already: Microsoft Visual C++ 2008 Redistributable Package (x86)
http://www.microsoft.com/downloads/deta ... laylang=en
& if you like: Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)
2. Copy the module `mod_security2.so' to: \xampp\apache\modules\mod_security2\ <create this new directory
Backup your existing \xampp\apache\bin\libxm12.dll to somewhere safe just in case.
Then copy the libxml2.dll that is included in the zip: \xampp\apache\bin
4. Rename `modsecurity.conf-minimal' (included in zip) to: modsecurity.conf then copy that to:
5. Edit in notepad: modsecurity.conf
Below the line: SecResponseBodyLimit 524288
add the line:
SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"
save and exit.
6. Edit in notepad: httpd.conf
a. Enable the module unique_id by uncommenting (remove the '#' that preceeds it) this line :
LoadModule unique_id_module modules/mod_unique_id.so
b. Add this line at the bottom of Load Modules section:
LoadModule security2_module modules/mod_security2/mod_security2.so
c. Add this line at the bottom of Include conf/.. section :
save and exit.
7. Restart Apache.
8. Look in the error log (\xampp\apache\logs\error.log), You should see a line like:
[notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.
9. Now try opening your site with this URL (replace localhost with your domain): http://localhost/?abc=../../
You should get a 403 Access Forbidden < *I don't get this error, it opens fine for me. But on error logs it states:
[error] [client 192.168.1.2] ModSecurity: Warning. Pattern match "\\.\\./" at ARGS:abc.
[file"D:/xampp/apache/conf/modsecurity.conf"] [line "33"] [id "99999"] [msg "Drive Access"] [severity "WARNING"] [hostname"my.host.name.com"] [uri "/"] [unique_id "SiCQz8CoAQIAAAdjfldfj"]
Which I'm told means mod_security is loaded and working. (though I'm confused as to why the rule was added,
but yet website can still open with that strange URL. Though I do see in the rule it states to `msg' not deny..?, never mind, moving on :p)
10. To add the other rules included in the zip: Rename `rules' directory (from zip) to `core', copy it including contents to: /xampp/apache/conf/core
11. Edit in notepad: httpd.conf (\xampp\apache\conf\httpd.conf)
a. Add this line at the bottom of Include conf/.. section :
save and exit.
12. Restart Apache. Done! For more info beyond this read included docs, the .conf files and go to their forums.
Anymore to add or correct here please do, thank you.
PS. If you allow users to upload files and now they can't after installing the firewall as I did, this is how I fixed it:
Create a directory named: tmp in the root of your drive where xampp is installed. For me this is: D:\tmp\
Uploads were once again allowed (and not the uploads won't go there).