Comments on: How to mod_security Ubuntu 9.04 http://blog.bodhizazen.net/linux/how-to-mod_security-ubuntu-904/ A LAMP in the Samsara Tue, 09 Mar 2010 17:24:12 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: David http://blog.bodhizazen.net/linux/how-to-mod_security-ubuntu-904/comment-page-1/#comment-1548 David Tue, 09 Mar 2010 16:53:28 +0000 http://blog.bodhizazen.net/?p=227#comment-1548 (crap editor removed lines) Add brackets below as appropriate. IfModule security2_module SecServerSignature “Microsoft-IIS/5.0″ /IfModule (crap editor removed lines)
Add brackets below as appropriate.

IfModule security2_module
SecServerSignature “Microsoft-IIS/5.0″
/IfModule

]]> By: David http://blog.bodhizazen.net/linux/how-to-mod_security-ubuntu-904/comment-page-1/#comment-1547 David Tue, 09 Mar 2010 16:50:58 +0000 http://blog.bodhizazen.net/?p=227#comment-1547 (Disclaimer my system is Ubuntu 9.10 but should apply to other flavors as well) If you followed the above instructions and it appears to not be working you should verify that the module name is correct and is enabled. First check the module is enabled by looking in the /etc/apache2/mods-enabled directory. There should be s symbolic link named mod-security.load. Look at the contents of that file 'more mod-security.load' The 2nd of that file was: LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so So in one of your apache config files that is loaded you would need to specify it as: SecServerSignature "Microsoft-IIS/5.0" (spaced added after >'s in case they are interpreted by this editor) You can verify that the module is working then with the above config by checking if 'curl -i YOURDOMAIN.COM' returns Microsoft-IIS/5.0 for the server instead of Apache. (Disclaimer my system is Ubuntu 9.10 but should apply to other flavors as well)
If you followed the above instructions and it appears to not be working you should verify that the module name is correct and is enabled.

First check the module is enabled by looking in the /etc/apache2/mods-enabled directory. There should be s symbolic link named mod-security.load.

Look at the contents of that file ‘more mod-security.load’
The 2nd of that file was:
LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so

So in one of your apache config files that is loaded you would need to specify it as:

SecServerSignature “Microsoft-IIS/5.0″

(spaced added after >’s in case they are interpreted by this editor)

You can verify that the module is working then with the above config by checking if ‘curl -i YOURDOMAIN.COM’ returns Microsoft-IIS/5.0 for the server instead of Apache.

]]> By: bodhi.zazen http://blog.bodhizazen.net/linux/how-to-mod_security-ubuntu-904/comment-page-1/#comment-1514 bodhi.zazen Mon, 15 Feb 2010 04:19:34 +0000 http://blog.bodhizazen.net/?p=227#comment-1514 Yes, it takes some time to sort out mod_security. http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#N107B3 Yes, it takes some time to sort out mod_security.

http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#N107B3

]]> By: Andre http://blog.bodhizazen.net/linux/how-to-mod_security-ubuntu-904/comment-page-1/#comment-1508 Andre Sun, 14 Feb 2010 21:27:28 +0000 http://blog.bodhizazen.net/?p=227#comment-1508 One more thing, the servertokens are still there. Which config or rule takes care of this? Those rules are little bit complex for a "mod_security" noob. But it's a must have for a public webserver. thanks One more thing, the servertokens are still there.
Which config or rule takes care of this?

Those rules are little bit complex for a “mod_security” noob.
But it’s a must have for a public webserver.

thanks

]]> By: bodhi.zazen http://blog.bodhizazen.net/linux/how-to-mod_security-ubuntu-904/comment-page-1/#comment-1507 bodhi.zazen Sun, 14 Feb 2010 16:28:47 +0000 http://blog.bodhizazen.net/?p=227#comment-1507 Andre: glad you got it working =) mod_security typically needs a bit of additional configuration. Andre: glad you got it working =)

mod_security typically needs a bit of additional configuration.

]]> By: Andre http://blog.bodhizazen.net/linux/how-to-mod_security-ubuntu-904/comment-page-1/#comment-1506 Andre Sun, 14 Feb 2010 14:08:19 +0000 http://blog.bodhizazen.net/?p=227#comment-1506 oops, it does work now with the php, i get a 403 forbidden oops, it does work now with the php, i get a 403 forbidden

]]> By: Andre http://blog.bodhizazen.net/linux/how-to-mod_security-ubuntu-904/comment-page-1/#comment-1505 Andre Sun, 14 Feb 2010 13:54:58 +0000 http://blog.bodhizazen.net/?p=227#comment-1505 Hi, Does it work on 9.10? Doesn't work here with 9.10 Hi,

Does it work on 9.10?
Doesn’t work here with 9.10

]]> By: Slava Markeyev » Blog Archive » Apache – Security by Obscurity http://blog.bodhizazen.net/linux/how-to-mod_security-ubuntu-904/comment-page-1/#comment-1486 Slava Markeyev » Blog Archive » Apache – Security by Obscurity Sat, 06 Feb 2010 10:13:19 +0000 http://blog.bodhizazen.net/?p=227#comment-1486 [...] two things. 1. mod_security is a great tool. We only used one feature of it. I suggest you follow bodhi.zazen’s tutorial to further configure it. 2. Security by ONLY obscurity is dangerous. You should [...] [...] two things. 1. mod_security is a great tool. We only used one feature of it. I suggest you follow bodhi.zazen’s tutorial to further configure it. 2. Security by ONLY obscurity is dangerous. You should [...]

]]> By: bodhi.zazen http://blog.bodhizazen.net/linux/how-to-mod_security-ubuntu-904/comment-page-1/#comment-1361 bodhi.zazen Wed, 09 Dec 2009 21:58:42 +0000 http://blog.bodhizazen.net/?p=227#comment-1361 Thank you for that great comment Chris Morgeson Thank you for that great comment Chris Morgeson

]]> By: Chris Morgeson http://blog.bodhizazen.net/linux/how-to-mod_security-ubuntu-904/comment-page-1/#comment-1360 Chris Morgeson Wed, 09 Dec 2009 20:57:56 +0000 http://blog.bodhizazen.net/?p=227#comment-1360 - adding on to Jason's comment If you change your line in the apache2.conf to "Include /etc/apache2/conf.d/*.conf" You will need to add more include statements to add back your 'security','localized-error-pages','charset' configs because the previous include was including code from all the files within the conf.d folder. So if you change your apache2.conf to read: Include /etc/apache2/conf.d/*.conf -- You will need to add the three includes below Include /etc/apache2/conf.d/security Include /etc/apache2/conf.d/localized-error-pages Include /etc/apache2/conf.d/charset Or you can add the .conf extention to each of the files you want (security.conf, etc.) - adding on to Jason’s comment

If you change your line in the apache2.conf to “Include /etc/apache2/conf.d/*.conf”

You will need to add more include statements to add back your ’security’,'localized-error-pages’,'charset’ configs because the previous include was including code from all the files within the conf.d folder. So if you change your apache2.conf to read:

Include /etc/apache2/conf.d/*.conf — You will need to add the three includes below
Include /etc/apache2/conf.d/security
Include /etc/apache2/conf.d/localized-error-pages
Include /etc/apache2/conf.d/charset

Or you can add the .conf extention to each of the files you want (security.conf, etc.)

]]>