
Securing a server


35 replies to this topic

#21 Stian S

Stian S

    Very Large Orange

  • Members
  • 467 posts

Posted 15 September 2005 - 05:36 PM

Hmm, it can at least hide your Apache version output (e.g. where it lists software versions, installed mods, PHP version, etc.).

#22 MacManX

MacManX

    Huge Orange

  • Members
  • 1,064 posts

Posted 15 September 2005 - 08:44 PM

QUOTE(Logan @ Sep 15 2005, 2:08 PM)

Is the mod_security module good for anything other than blocking keywords?

Yes, it is.

QUOTE

ModSecurity integrates with the web server, increasing your power to deal with web attacks. Some of its features worth mentioning are:

Overview

*Request filtering; incoming requests are analysed as they come in, and before they get handled by the web server or other modules.

*Anti-evasion techniques; paths and parameters are normalised before analysis takes place in order to fight evasion techniques.

*Understanding of the HTTP protocol; since the engine understands HTTP, it performs very specific and fine granulated filtering.

*POST payload analysis; the engine will intercept the contents transmitted using the POST method, too.

*Audit logging; full details of every request (including POST) can be logged for later analysis.

*HTTPS filtering; since the engine is embedded in the web server, it gets access to request data after decryption takes place.

http://www.modsecurity.org/

#23 Tangerine

Tangerine

    Tiny Orange

  • Members
  • 2 posts

Posted 16 September 2005 - 01:38 PM

Is it possible to disable this feature? I want to install Simple Machines Forum on my website but they say a lot of people encounter problems with mod_security.

#24 jaseone

jaseone

    Massive Orange

  • Members
  • 2,193 posts

Posted 16 September 2005 - 01:58 PM

On a shared server I don't like your chances of it being disabled; however, the only problems you should have are if your members type certain commands like curl or wget as part of their posts, and there are workarounds to get those through.
Jason Bainbridge
An Aussie geek stuck in Texas
Road Show Blondes - Follow the Road Show as we drive from Houston to New York City to raise awareness and money for suicide prevention with The Jed Foundation.

#25 Tangerine

Tangerine

    Tiny Orange

  • Members
  • 2 posts

Posted 16 September 2005 - 04:08 PM

Aha, reading more carefully it is just that. I suppose it would cause the error when you try and post the message, so setting up a word filter wouldn't make a difference, but at least it wouldn't cause disturbance for the entire community so it should be okay.

#26 Stian S

Stian S

    Very Large Orange

  • Members
  • 467 posts

Posted 17 September 2005 - 08:20 AM

You don't have to filter POST requests tho (although this might be more insecure).

I suggest you read the mod_security FAQ/documentation. Should probably list up common problems.

#27 Rottweiler

Rottweiler

    Tiny Orange

  • Members
  • 4 posts

Posted 11 June 2006 - 12:17 AM

QUOTE(Tangerine @ Sep 16 2005, 2:38 PM)

Is it possible to disable this feature? I want to install Simple Machines Forum on my website but they say a lot of people encounter problems with mod_security.


Old post..yes.

But...the problem seems to still exist.

I am running SMF 1.0.7.  It seems, from what I have been reading here that the "403" error and related problems I have been having today may indeed be firewall issues at the server level (my local firewall, Norton Internet Security 2006 suite, has not caused any problems).  These issues cropped up after Desmond came back up today; I don't recall having them before.

I am a real newbie at websites/discussion boards and their issues, so I don't want to be fooling around on my own with raw code...not yet, anyway.

So, should I go back to an earlier version of SMF (1.0.5x is what Fantastico installs; the 1.0.7 version is a post-install upgrade) and reinstall the database?  (What there is of it; I am the only one there since I will not tell people the URL until the board is running without problems.)  Or, should I just give up on SMF until I am more experienced at doing this stuff (and can handle raw code) and use another software package such as phpBB or vBulletin or IPB so I can actually get my project off the ground?

Yes...I did put in a "ticket" at tech support (by e-mail), and I am waiting to see what they can do.  But, I definitely want all the input I can get.  Right now I am so unsure about things, and I have had to do at least one reinstall already...

Somehow, I get the idea my avatar really should be this, placed just under my display name:   poster_stupid.gif

I'll keep looking, but I do appreciate any input you may have.


#28 Orien

Orien

    Very Large Orange

  • Members
  • 594 posts

Posted 29 July 2006 - 01:20 AM

Make or edit your SMF forum directory .htaccess.

CODE

<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>
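
A simplified model of the trade-off discussed in this thread, added here as an example; it is not part of any post and is not ModSecurity's own code. The keyword rule, the sample requests and the function names are constructed for illustration, and the normalisation step only approximates the anti-evasion behaviour quoted earlier.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical keyword rule of the kind the thread describes (command names).
KEYWORD_RULE = re.compile(r"\b(wget|curl)\s", re.IGNORECASE)

# Constructed sample requests (not taken from any real log).
POST_URI = "/forum/index.php?action=post2"
POST_BODY = "message=Use+wget+http%3A%2F%2Fexample.org%2Ffile.tar.gz+to+fetch+it"
ENCODED_URI = "/forum/index.php?q=%77get%20file"


def normalise(value):
    """Simplified anti-evasion step: URL-decode, drop NULs, tidy slashes."""
    text = unquote_plus(value).replace("\x00", "").replace("\\", "/")
    text = re.sub(r"/(\./)+", "/", text)  # self-references: /./ -> /
    return re.sub(r"/{2,}", "/", text)    # repeated slashes: // -> /


def inspect(uri, body="", engine=True, scan_post=True):
    """Return the HTTP status this toy filter would produce for a request."""
    if not engine:               # models "SecFilterEngine Off"
        return 200
    targets = [normalise(uri)]
    if scan_post and body:       # models "SecFilterScanPOST On"
        targets.append(normalise(body))
    if any(KEYWORD_RULE.search(text) for text in targets):
        return 403
    return 200


if __name__ == "__main__":
    print("forum post, POST scanning on  :", inspect(POST_URI, POST_BODY))
    print("forum post, POST scanning off :", inspect(POST_URI, POST_BODY, scan_post=False))
    print("encoded URI, POST scanning off:", inspect(ENCODED_URI, scan_post=False))
    print("encoded URI, engine off       :", inspect(ENCODED_URI, engine=False))
```

In this model, turning off only POST scanning lets the forum post through while the URI is still checked after normalisation; turning the engine off removes the URI check as well.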


#29 lammypie

lammypie

    Small Orange

  • Members
  • 46 posts

Posted 19 September 2006 - 06:53 AM

Does anybody know how the Virtuozzo Firewall compares with the APF firewall in terms of security and resources?

Chirs

#30 -ASO- Tim

-ASO- Tim

    Former Head Orange

  • Members
  • 5,239 posts

Posted 19 September 2006 - 09:10 AM

They are the same thing. It's just iptables and the two are frontends for it. Neither works any better.

I'd actually recommend looking at CSF: http://www.configserver.com/cp/csf.html It's designed for cPanel and integrates right into WHM. I just don't know if it supports VPS systems completely.
Former Owner/Manager
timdorr.com

#31 zeug

zeug

    Tiny Orange

  • Members
  • 7 posts

Posted 25 February 2007 - 10:13 AM

QUOTE([ASO]Tim @ Sep 19 2006, 8:10 AM)

I'd actually recommend looking at CSF: http://www.configserver.com/cp/csf.html It's designed for cPanel and integrates right into WHM. I just don't know if it supports VPS systems completely.


Lots of vps are using it apparently, I've installed it and the WHM setup is cool. But iptables isn't configured properly, needs some modules added:

QUOTE

If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Virtuozzo FAQ and have them follow it (plus to add ip_conntrack_ftp to the list of required modules):
http://kb.swsoft.com/article_117_746_en.html

csf requires at least these iptables modules:

ip_tables
ipt_state
ipt_multiport
iptable_filter
ipt_limit
ipt_owner
ipt_LOG
ipt_REJECT
ipt_conntrack
ip_conntrack
ip_conntrack_ftp
iptable_mangle


Just wondering if anyone's using csf here yet and does the vps server's iptables need to be set up first? Any gotchas with other config options?

#32 comma

comma

    Small Orange

  • Members
  • 13 posts

Posted 07 December 2007 - 11:28 AM

I installed ModSecurity as explained in the ASO wiki, but I can't find where to configure it, as the ASO wiki instructions

CODE
Configure
Login to WHM
Select the Addons button
Select Mod Security
Click Edit
Add your ModSecurity rules here.


do not correspond to WHM 11, because I can't find the Addons button and the ModSecurity Edit button.

Can anybody tell me where they are?
Thanks.

Edited by comma, 07 December 2007 - 11:30 AM.


#33 AndrewB

AndrewB

    Rather Big Orange

  • Members
  • 396 posts

Posted 07 December 2007 - 01:56 PM

QUOTE (comma @ Dec 7 2007, 11:28 AM)
I installed ModSecurity as explained in the ASO wiki, but I can't find where to configure it, as the ASO wiki instructions

CODE
Configure
Login to WHM
Select the Addons button
Select Mod Security
Click Edit
Add your ModSecurity rules here.


do not correspond to WHM 11, because I can't find the Addons button and the ModSecurity Edit button.

Can anybody tell me where they are?
Thanks.



Look for Plugins for cPanel 11. In the menu frame on the left, it's at the very lower left corner. The VPS wiki docs are in sore need of updates.

Also, be sure to start a new thread for new topics, rather than following-up to older threads on unrelated topics.



#34 comma

comma

    Small Orange

  • Members
  • 13 posts

Posted 08 December 2007 - 06:17 AM

Thanks for your reply Andrew.

I installed ModSecurity as you wrote, but I didn't find where to set it.

The thread is old and next time I will start a new one, but I think it is related as almost all posts in it are about ModSecurity.




#35 harley

harley

    Fakeoholic

  • Members
  • 220 posts

Posted 13 May 2008 - 11:09 AM

I'm curious, why would you need a mod_security filtering POST data? Assuming validation/sanitation is performed prior to storing or operating on POST/GET values, what is the danger?

Only reason I could see using it would be for scripts I didn't write myself.

#36 AndrewB

AndrewB

    Rather Big Orange

  • Members
  • 396 posts

Posted 14 May 2008 - 04:46 PM

QUOTE (harley @ May 13 2008, 10:09 AM)
I'm curious, why would you need a mod_security filtering POST data? Assuming validation/sanitation is performed prior to storing or operating on POST/GET values, what is the danger?


Modsecurity can also provide generic protection using rules for HTTP request validation, protocol anomalies, detecting malicious attack attempts, etc.

http://www.modsecurity.org/projects/rules/index.html





