
Thursday, March 20

Configuring Apache mod security - Mod Security rules configuration

Below are the details of the Mod Security configuration on an Apache server. Please let me know if you need any further details on that.

1. Add the configuration below to the httpd.conf file

LoadModule security2_module modules/
LoadModule unique_id_module modules/
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

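# Load every rule file from the rules directory
Include /etc/httpd/modsecurity_crs/*.conf
# The rule engine is Off by default; without this the rules are never enforced
SecRuleEngine On
# Buffer and parse request bodies so POST parameters are visible to the rules
# (SecFilterScanPOST was the ModSecurity 1.x directive for this)
SecRequestBodyAccess On
#SecFilterScanPOST On
# Write an audit record for transactions to logs/audit_log
SecAuditEngine On
SecAuditLog logs/audit_log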

2. and are modules that need to be placed in the Apache modules folder

/etc/httpd/modsecurity_crs is the directory where the rule files live.

We have placed the rule file below at this location:

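# Default action for the rules below: log the matched variable, then send the client to the error page
SecDefaultAction  "phase:1,phase:2,auditlog,logdata:'%{MATCHED_VAR_NAME}=%{MATCHED_VAR}',deny,redirect:/errorpage.html"

# Reject any request that carries a parameter whose name is not exactly post-name
SecRule ARGS_NAMES "!^(post-name)$" "id:'1000010'"

# Reject post-name values that are not alphanumeric/underscore, up to 4096 characters
SecRule ARGS:post-name "!^[a-zA-Z0-9_]{0,4096}$" "id:'1000237'"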

This configuration allows only the post-name parameter, and its value may contain only alphanumeric characters and underscores. Every other request parameter is rejected and the user is redirected to errorpage.html.

Logs captured by mod security can be viewed in the logs/audit_log file.

3. I have created a simple form with a GET and a POST request on the Apache server

<h1>GET!! Test Apache Redirection</h1>
<form name="f1" method="GET" action="/getService">
Enter Your Name : <input type="text" name="name" value=""/>
<input type="submit" id="Go" value="GET Submit"/>
</form>
<h1>POST !! Test Apache Redirection</h1>
<form name="f2" method="POST" action="/postService">
Enter Your Name : <input type="text" name="post-name" value=""/>
<input type="submit" id="submit" value="Post Submit"/>
</form>

4. In the form above, the GET request submits the form with the request parameter name, and the POST request submits it with the parameter post-name.

post-name will pass and name will fail, as name is not configured as an allowed parameter in the mod security rules configuration file.
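To check the expected outcome of each form submission before testing against the server, the allowlist logic of the two rules can be modelled offline. This is an added example, not part of the original post or of ModSecurity itself: the function names and the sample requests are constructed, and the name pattern assumes the behaviour the text describes (only post-name is allowed).

```python
import re
from urllib.parse import parse_qsl

# Assumed equivalents of the two rules described in the post.
ALLOWED_NAME = re.compile(r"post-name")              # rule 1000010 (ARGS_NAMES)
ALLOWED_VALUE = re.compile(r"[a-zA-Z0-9_]{0,4096}")  # rule 1000237 (ARGS:post-name)
ERROR_PAGE = "/errorpage.html"


def collect_args(query="", body=""):
    """Gather arguments from the query string and a urlencoded body,
    percent-decoded, keeping parameters that have an empty value."""
    return (parse_qsl(query, keep_blank_values=True)
            + parse_qsl(body, keep_blank_values=True))


def evaluate(query="", body=""):
    """Return (decision, rule_id, logdata) for one request.
    logdata follows the '%{MATCHED_VAR_NAME}=%{MATCHED_VAR}' shape."""
    args = collect_args(query, body)
    # Rule 1000010 is a negated match: any name outside the allowlist triggers it.
    for name, _ in args:
        if not ALLOWED_NAME.fullmatch(name):
            return ("redirect:" + ERROR_PAGE, "1000010",
                    f"ARGS_NAMES:{name}={name}")
    # Rule 1000237: the value of post-name must stay inside the character class.
    for name, value in args:
        if name == "post-name" and not ALLOWED_VALUE.fullmatch(value):
            return ("redirect:" + ERROR_PAGE, "1000237",
                    f"ARGS:{name}={value}")
    return ("pass", None, None)


# Constructed sample requests modelled on the two forms in the post.
SAMPLES = [
    ("GET form", "name=alice", ""),
    ("POST form", "", "post-name=alice_01"),
    ("POST, quote in value", "", "post-name=alice%27--"),
    ("POST, empty value", "", "post-name="),
    ("POST plus extra query arg", "debug=1", "post-name=ok"),
]

if __name__ == "__main__":
    for label, query, body in SAMPLES:
        print(f"{label:28} -> {evaluate(query, body)}")
```

The empty-value case passes because the value pattern permits zero characters; tighten the lower bound in the rule if an empty post-name should be rejected.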