Apache Friends Support Forum

[master_bct]

I'm installed Xampp for Windowns.
Apache, MySQL, FileZilla working.

After I'm install module mod_security :

- Create a folder .../modules/mod_security/
- Copy to that folder: mod_security.so and the files msvcr80.dll and Microsoft.VC80.CRT.manifest.

After Add to httpd.conf:

LoadModule security_module modules/mod_security/mod_security.so

#
# Configuration Example for mod_security

<IfModule mod_security.c>

# Turn ModSecurity On
SecFilterEngine On

#SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Server masking is optional
# SecServerSignature "Steffen "

#SecUploadDir logs
#SecUploadKeepFiles Off

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/sec.log

## -- Common attacks --------------------

SecFilterDefaultAction "deny,log,msg:'Common attacks',status:403"

#Web Proxy GET Request
SecFilter "^GET (http|https|ftp)\:/"
#Web Proxy HEAD Request
SecFilter "^HEAD (http|https|ftp)\:/"
#Proxy POST Request
SecFilter "^POST (http|https|ftp)\:/"
#Proxy CONNECT Request
SecFilterSelective THE_REQUEST "^CONNECT "

# Only accept request encodings we know how to handle.
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;)"

# Do not accept GET or HEAD requests with bodies
SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Length "!^$"

# Restrict which request methods can be used
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD|POST)$"

# Restrict protocol versions.
SecFilterSelective SERVER_PROTOCOL "!^HTTP/(0\.9|1\.0|1\.1)$"

# Require Content-Length to be provided with every POST request.
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't know how to handle
SecFilterSelective HTTP_Transfer-Encoding "!^$"

## -- PHP attacks --------------------

SecFilterSignatureAction "log,deny,msg:'PHP attack'"

# Possible code execution attack (targets valid PHP streams constructs)
SecFilterSelective ARGS_NAMES "^php:/"

#phpBB attack
SecFilterSelective ARG_highlight "(\x27|%27|\x2527|%2527)"

## -- Awstats-------------------------

SecFilterSignatureAction "log,deny,msg:'Awstats Attack'"
SecFilterSelective ARGS_NAMES "configdir"

## -- SQL Injection Attacks --------------------

SecFilterSignatureAction "log,deny,msg:'SQL Injection attack'"

# Generic
SecFilterSelective ARGS "delete[[:space:]]+from"
SecFilterSelective ARGS "drop[[:space:]]+database"
SecFilterSelective ARGS "drop[[:space:]]+table"
SecFilterSelective ARGS "drop[[:space:]]+column"
SecFilterSelective ARGS "drop[[:space:]]+procedure"
SecFilterSelective ARGS "create[[::space:]]+table"
SecFilterSelective ARGS "update.+set.+="
SecFilterSelective ARGS "insert[[:space:]]+into.+values"
SecFilterSelective ARGS "select.+from"
SecFilterSelective ARGS "bulk[[:space:]]+insert"
SecFilterSelective ARGS "union.+select"
SecFilterSelective ARGS "or.+1[[:space:]]*=[[:space:]]1"
SecFilterSelective ARGS "alter[[:space:]]+table"
SecFilterSelective ARGS "or 1=1--'"
SecFilterSelective ARGS "'.+--"

# MySQL
SecFilterSelective ARGS "into[[:space:]]+outfile"
SecFilterSelective ARGS "load[[:space:]]+data
SecFilterSelective ARGS "/\*.+\*/"


## -- Command execution --------------------

SecFilterSignatureAction "log,deny,msg:'Command execution attack'"

SecFilterSelective ARGS_VALUES "^(uname|id|ls|rm|kill)"
SecFilterSelective ARGS_VALUES "^(ls|id|pwd|wget)"
SecFilterSelective ARGS_VALUES ";[[:space:]]*(ls|id|pwd|wget)"

</IfModule>

Restart Apache but Apache not working .

Somebody help me??? [/quote]

[Wiedmann]

This module is for Apache 2.2.x?

[master_bct]

Yes. Mod Security is for Apache 2.2

File: Download File Mod_Security

[WorldDrknss]

try changing

<IfModule mod_security.c>
to
<IfModule mod_security>

or

<IfModule mod_security.c>
to
<IfModule mod_security.so>

[Wiedmann]

Yes. Mod Security is for Apache 2.2

Fine. BTW: I havn't test this module.

- Create a folder .../modules/mod_security/
- Copy to that folder: mod_security.so and the files msvcr80.dll and Microsoft.VC80.CRT.manifest.

That's wrong:
- copy "mod_security.so" to "\xampp\apache\modules"
- copy "msvcr80.dll" to "\xampp\apache\bin"
- copy "Microsoft.VC80.CRT.manifest" to "\xampp\apache\bin"

Code: Select all

LoadModule security_module modules/mod_security/mod_security.so

Should be:

Code: Select all

LoadModule security_module modules/mod_security.so

Code: Select all

<IfModule mod_security.c>

Should be:

Code: Select all

<IfModule security_module>

[master_bct]

I can't working width modify basic or Wiedmann.

I add:
Basic:

Code: Select all

LoadModule security_module modules/mod_security/mod_security.so

Or
Modify:

Code: Select all

LoadModule security_module modules/mod_security.so

Apache don't working.

[Izzy]

There are some syntax errors in the above httpd.conf file that will prevent the Apache server from starting.
The following should be edited or just use the # character at the begining of the line to test if your server starts first.
Then do the edits and remove the # character if your server starts.

# Generic
SecFilterSelective ARGS "delete[[:space:]]+from"
SecFilterSelective ARGS "drop[[:space:]]+database"
SecFilterSelective ARGS "drop[[:space:]]+table"
SecFilterSelective ARGS "drop[[:space:]]+column"
SecFilterSelective ARGS "drop[[:space:]]+procedure"
SecFilterSelective ARGS "create[[::space:]]+table"
SecFilterSelective ARGS "update.+set.+="
SecFilterSelective ARGS "insert[[:space:]]+into.+values"
SecFilterSelective ARGS "select.+from"
SecFilterSelective ARGS "bulk[[:space:]]+insert"
SecFilterSelective ARGS "union.+select"
SecFilterSelective ARGS "or.+1[[:space:]]*=[[:space:]]1"
SecFilterSelective ARGS "alter[[:space:]]+table"
# SecFilterSelective ARGS "or 1=1--'"
# SecFilterSelective ARGS "'.+--"

(these 2 lines are suspect - possibly should have a start and end ' )
SecFilterSelective ARGS "or '1=1--'"
SecFilterSelective ARGS "'.+--'"


# MySQL
SecFilterSelective ARGS "into[[:space:]]+outfile"
# SecFilterSelective ARGS "load[[:space:]]+data
SecFilterSelective ARGS "/\*.+\*/"

(This line has no closing " for sure)
SecFilterSelective ARGS "load[[:space:]]+data"

Even the smallest syntax error will prevent your Apache server from starting.

[foxxx428]

I just loaded up the latest xampp and the latest mod security. Apache starts just fine. Here's what I noticed.

Code: Select all

# Install:

- Create a folder .../modules/mod_security/
- Copy to that folder: mod_security.so and the files msvcr80.dll and Microsoft.VC80.CRT.manifest.
  The ms files are necessary because the module is build with Visual C++ 2005, which supports a new deployment model (to prevent dll conflicts).

That means in the modules folder, create a subfolder called mod_security and place your 3 files in there OR

Code: Select all

# Add to your httpd.conf

LoadModule security_module modules/mod_security/mod_security.so

Change

Code: Select all

LoadModule security_module modules/mod_security/mod_security.so

to

Code: Select all

LoadModule security_module modules/mod_security.so

Other than than maybe a misplaced directive, I can't see any other reason why apache won't start.