Category : Web Security
BEGINNERS GUIDE TO MOD_SECURITY
Mod_security
It is an open source, cross-platform WAF, i.e. Web Application Firewall. It is also known as the "Swiss Army knife" of WAFs. It blocks commonly known exploits by using defined regular expressions and rule sets. It is mostly found enabled on all InMotion servers. It is helpful in blocking common code injection attacks. It provides outstanding protection against threats to data accessed through applications, and protects against known attacks that target vulnerabilities in public software.
What Mod_Security can do?
Mod_security makes sense of as much data as it can in the supported data formats, then extracts bits of that data for later use in rules.
In a typical installation, both the request and response bodies are buffered, so Mod_Security sees the complete request and response before these requests are passed to the application for processing. It is one of the important features of ModSecurity.
Audit logging (transaction logging) is a main part of what ModSecurity does. Because of this feature we are able to record complete HTTPS traffic. Request headers, response headers and the response body are all available to us because of this feature.
Before the rule engine starts, all bits and pieces of data are prepared and made ready for inspection.
COMMERCIAL MOD_SECURITY RULES
1. Virtual patching
2. IP reputation
3. Web Based malware detection
4. Webshell or backdoor detection
5. Botnet attack detection
6. HTTP denial of service attack detection
7. Antivirus scanning of file attachments
IMPACT OF MOD_SECURITY ON WEB SERVERS
Installing mod_security on our servers changes how our web servers operate. When we install mod_security on a server, consumption of resources such as CPU and RAM increases.
Below is a list of the mod_security activities that increase resource consumption:
· Mod_security adds to the parsing already done by Apache, which results in a slight increase in CPU consumption.
· Parsers like XML are more expensive.
· Input/output operations are required for handling uploaded files.
· Parsing results in RAM consumption because every extracted element needs to be copied into its own space.
Installing Mod_security
NOTE: Always install mod_security from source, as it is the best way to stay up to date with the latest versions and rules, and it also lets us make any changes we want.
STEPS:
Downloading releases
To download mod_security, go to the official mod_security site or follow this link: http://www.modsecurity.org/download/
There, download both the main distribution and the cryptographic signature, or just type the following commands in your OS:
$ wget http://www.modsecurity.org/download/modsecurity-apache_2.5.10-dev2.tar.gz
$ wget http://www.modsecurity.org/download/modsecurity-apache_2.5.10-dev2.tar.gz.asc
NOTE: Beware of trojans, which may be planted by third parties.
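The downloads above travel over plain HTTP, so the .asc signature is what ties the tarball to the project. The script below is an added example, not part of the original article or the ModSecurity project: it checks the detached signature with gpg and pins the signer. Assumptions: the signing key is already imported into your keyring, and EXPECTED_FPR is a placeholder you replace with a fingerprint obtained from a trusted channel.

```shell
#!/bin/sh
# Added example: check a downloaded tarball against its detached .asc
# signature and pin the signer, failing closed on any problem.

# ASSUMPTION: placeholder. Set this to the signing-key fingerprint you
# obtained from the project over a separate, trusted channel.
EXPECTED_FPR="${EXPECTED_FPR:-REPLACE_WITH_TRUSTED_FINGERPRINT}"

# Strip spaces and upper-case hex so two fingerprints compare reliably.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# Read gpg --status-fd output on stdin and print the primary-key
# fingerprint, which is the last field of the VALIDSIG status line.
signer_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }'
}

# verify_release FILE: 0 = good signature from the pinned key,
# 1 = bad/unknown signature or wrong signer, 2 = missing input.
verify_release() {
    vr_file="$1"
    vr_sig="$1.asc"
    if [ ! -f "$vr_file" ] || [ ! -f "$vr_sig" ]; then
        echo "missing $vr_file or $vr_sig" >&2
        return 2
    fi
    case "$EXPECTED_FPR" in
        ""|REPLACE_*) echo "EXPECTED_FPR is not set" >&2; return 2 ;;
    esac
    # gpg exits non-zero for a bad signature or a key not in the keyring.
    vr_status=$(gpg --batch --status-fd 1 --verify "$vr_sig" "$vr_file" 2>/dev/null) || {
        echo "signature check FAILED for $vr_file" >&2
        return 1
    }
    vr_fpr=$(printf '%s\n' "$vr_status" | signer_fpr)
    if [ "$(normalize_fpr "$vr_fpr")" != "$(normalize_fpr "$EXPECTED_FPR")" ]; then
        echo "signed by unexpected key: $vr_fpr" >&2
        return 1
    fi
    echo "OK: $vr_file is signed by $vr_fpr"
}

# Usage (file name from the wget commands above):
#   EXPECTED_FPR=<fingerprint> verify_release modsecurity-apache_2.5.10-dev2.tar.gz
```

Unpack and build the source only when verify_release returns 0; a good signature from a key other than the pinned one is treated as a failure.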
Configuration:
The main config files are given below:
1. main.conf - Main configuration file
2. rules-first.conf - Rules that need to run first
3. rules.conf - Your principal rule file
4. rules-last.conf - Rules that need to run last
NOTE: Our main configuration file, i.e. modsecurity.conf, should contain only the following lines:
<IfModule mod_security2.c>
    Include /opt/modsecurity/etc/main.conf
    Include /opt/modsecurity/etc/rules-first.conf
    Include /opt/modsecurity/etc/rules.conf
    Include /opt/modsecurity/etc/rules-last.conf
</IfModule>
Now set up mod_security on the Apache server.
FURTHER INSTALLATION STEPS ARE IN BEGINNERS GUIDE TO MOD_SECURITY 2 (article will be uploaded soon), so keep visiting the cyberintelligence.in article portal.