Mod security

From Atomicorp Wiki
Revision as of 14:02, 8 September 2009 by Mshinn (Talk | contribs)

Jump to: navigation, search

Contents

Disabling Mod_Security Globally

Step 1) Disable config file

 mv /etc/httpd/conf.d/00_mod_security.conf /etc/httpd/conf.d/00_mod_security.conf.disabled

Step 2) Restart Apache

 /etc/init.d/httpd restart


Disabling Mod_security per domain

Step 1) edit the vhost/vhost_ssl.conf for the domain

 vim /var/www/vhosts/<DOMAINNAME>/conf/vhost.conf

Step 2) Add the following

 SecRuleEngine Off

Step 3) Add vhost.conf to domain config

 /usr/local/psa/admin/bin/websrvmng -a

Step 4) Restart Apache

 /etc/init.d/httpd restart


Disable Mod_security on a global URL

Step 1) Create a global exclude file

 vim /etc/httpd/modsecurity.d/00_asl_custom_exclude.conf

Step 2) Add the LocationMatch for the url to exclude. Example: /server.php

 <LocationMatch /server.php>
     SecRuleEngine Off
 </LocationMatch>

Step 3) Restart apache

 /etc/init.d/httpd restart


Disable a Mod_security rule (or rules) for all applications in a single domain

Step 1) edit the vhost/vhost_ssl.conf for the domain

 vim /var/www/vhosts/<DOMAINNAME>/conf/vhost.conf

Step 2) Add the LocationMatch for the rule to exclude. Example, ruleid 950005

 <LocationMatch .*>
       SecRuleRemoveById 950005
 </LocationMatch>

If you want to disable multiple rules:

Step 2) Add the LocationMatch for the rule to exclude. Example, ruleids 950005 and 950006

 <LocationMatch .*>
       SecRuleRemoveById 950005
       SecRuleRemoveById 950006
 </LocationMatch>

Disable Mod_security rule for a specific application in a single domain

Step 1) edit the vhost/vhost_ssl.conf for the domain

 vim /var/www/vhosts/<DOMAINNAME>/conf/vhost.conf

Step 2) Add the LocationMatch for the rule to exclude. Example, ruleid 950005

 <LocationMatch /URL/path/to/application.php>
       SecRuleRemoveById 950005
 </LocationMatch>

Disable Mod_security rule for all domains

Use ASL utility to disable rule by ID. Example: 950005

 asl --disable-signature 950005

Note: This requires that Atomic Secured Linux be installed.

Disable Mod_security rules on a specific application, for a list of IPs

Step 1) edit the vhost/vhost_ssl.conf for the domain

 vim /var/www/vhosts/<DOMAINNAME>/conf/vhost.conf

Step 2) Add the LocationMatch for the rule to exclude.

 <LocationMatch /foo/bar.php>
       SecRule REMOTE_ADDR "@pmFromFile /etc/asl/whitelist" "nolog,phase:1,allow"
 </LocationMatch>

Step 3) Add IP to /etc/asl/whitelist

 echo "10.11.12.13" >> /etc/asl/whitelist

Or:

If you want to create a special whitelist for just that application:

Step 1) edit the vhost/vhost_ssl.conf for the domain

 vim /var/www/vhosts/<DOMAINNAME>/conf/vhost.conf

Step 2) Add the LocationMatch for the rule to exclude.

 <LocationMatch /foo/bar.php>
       SecRule REMOTE_ADDR "@pmFromFile /path/to/your/custom/whitelist_for_this_application" "nolog,phase:1,allow"
 </LocationMatch>

Step 3) Create your custom whitelist and add IP to /etc/asl/whitelist

 echo "10.11.12.13" >> /path/to/your/custom/whitelist_for_this_application

Keep in mind these custom lists are *not* managed by ASL, so if you want to add IPs to these lists you will need to do it from the command line.

Personal tools