Linux Today: Linux News On Internet Time.

Getting Started With ModSecurity

May 19, 2009, 04:32 (0 Talkback[s])

[ Thanks to Andrew Weber for this link. ]

"Tip #1: Develop A Basic Understanding of ModSecurity Go to the modsecurity.org website, download and read the documentation. Once that is done you need to know how to find a policy number.

"1. Locate a Policy
The rules will be located in the directory you create, probably named modsecurity, and in that directory will be a list of rules. These Core Rules provide generic protection from many unknown vulnerabilities. You will not want to modify the Core Rules, except to turn them on, as when you update you will erase your settings. There are two files that have been created to create custom rules. The first is the modsecurity_crs_15_customrules.conf which lists rules that have been tested for your site and are working effectively. The second is a bailout ruleset, in other words, if you cannot get something to work you can place it in the modsecurity_crs_65_temporary.conf until you can get it fixed. For example, if you need to run ModSecurity but cannot get a specific rule to work you can disable it in this file until you can get it working.

"You can see that the file represent different kinds of rules. The 10_config provides the basic configuration and this is the file that you will use to turn on ModSecurity rules. The collection of rules provide protection for your web server, detects and protects against bots, crawlers,scanners, it detects and protects against trojans and limits error messages that will provide too much information to attackers."

Complete Story

Related Stories: