how to install modSecurity with xampp ?

Problems with the Linux version of XAMPP, questions, comments, and anything related.

how to install modSecurity with xampp ?

Postby 007949 » 04. May 2006 18:59

how to install modSecurity with xampp ?
007949
 
Posts: 1
Joined: 04. May 2006 18:47

Postby LazyOne » 12. June 2006 08:20

download the stable 1.9.4 version of mod_security, untar it, change to the mod_security/apache2 folder and use this:

/opt/lampp/bin/apxs -cia mod_security.c

after that, open /opt/lampp/etc/httpd.conf and check that the load module mod_security is aktivated / integrated now.

then add this to httpd.conf (its the minimal config.)

# Turn ModSecurity On
SecFilterEngine On

# Reject requests with status 403
SecFilterDefaultAction "deny,log,status:403"

# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Server masking is optional
# SecServerSignature "Microsoft-IIS/5.0"

SecUploadDir /tmp
SecUploadKeepFiles Off

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log

# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log

# Only accept request encodings we know how to handle
# we exclude GET requests from this because some (automated)
# clients supply "text/html" as Content-Type
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Type \
"!(^application/x-www-form-urlencoded$|^multipart/form-data;)"

# Do not accept GET or HEAD requests with bodies
SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Length "!^$"

# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle
SecFilterSelective HTTP_Transfer-Encoding "!^$"
LazyOne
 
Posts: 141
Joined: 12. May 2005 12:12
Location: München

Postby trool » 01. September 2006 18:04

debian:/opt/lampp/modsecurity-apache_1.9.4/apache2# /opt/lampp/bin/apxs -cia mod_security.c
cannot open /opt/lampp/build/config_vars.mk: No such file or directory at /opt/lampp/bin/apxs line 218.

that's what i get when trying to apply exactly like you said
trool
 
Posts: 1
Joined: 01. September 2006 18:00

Postby AngelSL » 04. September 2006 10:17

Try downloading the development package.
AngelSL
 
Posts: 6
Joined: 04. September 2006 10:04


Return to XAMPP for Linux

Who is online

Users browsing this forum: No registered users and 20 guests

cron