Apache
mod_security is a firewall module to prevent against SQL Injection,
cross-site scripting, bad user agents, and a lot of other exploits.
Depends on the Amazon Linux AMI version you may have to issue one of the below commands on a trial & error basis.
Below is the essential conf file for mod security,
It is recommended to run the application in "DetectionOnly" mode for a couple of days or so to avoid the false negative. For instance, in Drupal 7 some administrative pages (Panel Edit) & Views AJAX pager stopped working when "SecRuleEngine" to "ON".
Once the error log is reviewed & parameters are tweaked to meet the application needed SecRuleEngine can be changed On.
Add the following line to your httpd.conf. You can alternatively place these in any config file included by Httpd:
sudo yum install mod24_security.x86_64sudo yum install mod_security --enablerepo=epelBelow is the essential conf file for mod security,
/etc/httpd/conf.d/mod_security.confSecRuleEngine DetectionOnly
SecRequestBodyAccess OnIt is recommended to run the application in "DetectionOnly" mode for a couple of days or so to avoid the false negative. For instance, in Drupal 7 some administrative pages (Panel Edit) & Views AJAX pager stopped working when "SecRuleEngine" to "ON".
Once the error log is reviewed & parameters are tweaked to meet the application needed SecRuleEngine can be changed On.
SecRuleEngine Oncd /etc/httpd/modsecurity.d
sudo wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.0/master.zip
sudo unzip master.zip
sudo mv owasp-modsecurity-crs-3.0-master modsecurity-crs
cd /etc/httpd/modsecurity.d/modsecurity-crs
sudo cp crs-setup.conf.example crs-setup.confAdd the following line to your httpd.conf. You can alternatively place these in any config file included by Httpd:
cd /etc/httpd/conf.d
sudo vim mod_security.conf
IncludeOptional modsecurity.d/*.conf
IncludeOptional modsecurity.d/activated_rules/*.conf
IncludeOptional modsecurity.d/local_rules/*.conf
sudo service httpd restart
No comments:
Post a Comment