1. Reference sites
https://www.rosehosting.com/blog/install-mod_security-with-the-owasp-core-rule-set-on-a-centos-vps/
https://www.vultr.com/docs/modsecurity-and-owasp-on-centos-6-and-apache2
https://www.enteroa.com/2015/02/07/195/
2. Download and build the source
wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz
tar xzf modsecurity-2.9.1.tar.gz
cd modsecurity-2.9.1
yum install httpd-devel gcc pcre-devel libxml2-devel
./configure
make
make install
3. Copy the mod_security conf and unicode.mapping files
cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
cp unicode.mapping /etc/httpd/conf.d/
4. Install the OWASP (Open Web Application Security Project) Rule Set
Proceeding with 6.1.5 is recommended
yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel git
or
yum install git
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
mv owasp-modsecurity-crs modsecurity-crs
cd modsecurity-crs
cp crs-setup.conf.example crs-setup.conf
5. Copy the curated rule set / configuration
This duplicates the work in 6.1.4; proceeding with 6.1.5 is recommended
rsync -avz 172.27.0.24:/etc/httpd/conf.d/modsecurity.conf /etc/httpd/conf/
rsync -avz 172.27.0.24:/etc/httpd/modsecurity-crs.tgz /etc/httpd/
6. Additions to httpd.conf
/etc/httpd/conf/httpd.conf
LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
<IfModule security2_module>
Include modsecurity-crs/crs-setup.conf
Include modsecurity-crs/rules/*.conf
#<Location "/">
### Modifying a Ruleset/Disabling a Rule ID Example##
## SecRuleRemoveById 200000 300015
## SecRuleRemoveByMsg "Injection"
#</Location>
</IfModule>
7. php.ini settings changes
[Pcre]
;PCRE library backtracking limit.
; http://php.net/pcre.backtrack-limit
pcre.backtrack_limit=10000000
;PCRE library recursion limit.
;Please note that if you set this value to a high number you may consume all
;the available process stack and eventually crash PHP (due to reaching the
;stack size limit imposed by the Operating System).
; http://php.net/pcre.recursion-limit
pcre.recursion_limit=10000000
## modsecurity.conf settings changes ##
SecPcreMatchLimit 5000
SecPcreMatchLimitRecursion 5000
SecRuleEngine On ## with DetectionOnly the engine only monitors and logs, it does not block
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
#SecResponseBodyLimit 5242880
#SecRequestBodyNoFilesLimit 5242880
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecAuditLog /var/log/httpd/modsec_audit.log
SecDataDir /tmp
SecTmpDir /tmp
8. Test modsecurity
http://www.mediapic.net:8100/html/shop.php/?p="><script>alart(1);</script>
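To confirm what the test request in step 8 actually triggered, the following added example (not part of the original post) parses the serial audit log written to the SecAuditLog path configured above and reports, per transaction, the matched rule ids, whether the request was intercepted and the engine mode. The log content is a constructed sample, and the rule ids 941100 / 949110 are CRS 3.x ids assumed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (not a real capture) of the serial audit log written by
# SecAuditLog /var/log/httpd/modsec_audit.log: one blocked and one detect-only entry.
SAMPLE_AUDIT_LOG = """\
--7f3a9c12-A--
[11/Mar/2025:10:15:02 +0900] ZdCtestAAAAAAAAAAAAAAAA 192.0.2.10 51234 198.51.100.5 8100
--7f3a9c12-B--
GET /html/shop.php/?p=%22%3E%3Cscript%3Ealart(1);%3C/script%3E HTTP/1.1
--7f3a9c12-H--
Message: Warning. detected XSS using libinjection. [file "/etc/httpd/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"]
Message: Access denied with code 403 (phase 2). [file "/etc/httpd/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"]
Action: Intercepted (phase 2)
Engine-Mode: "ENABLED"
--7f3a9c12-Z--
--7f3a9c13-A--
[11/Mar/2025:10:15:09 +0900] ZdCtestBBBBBBBBBBBBBBBB 192.0.2.10 51235 198.51.100.5 8100
--7f3a9c13-H--
Message: Warning. detected XSS using libinjection. [file "/etc/httpd/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"]
Engine-Mode: "DETECTION_ONLY"
--7f3a9c13-Z--
"""

SECTION_RE = re.compile(r"^--([0-9a-f]+)-([A-Z])--$")   # part boundary, e.g. --7f3a9c12-H--
MSG_RE = re.compile(r'^Message: .*?\[id "(\d+)"\].*?\[msg "([^"]*)"\]', re.M)

def summarize(tx):
    """Reduce one transaction to request line, (id, msg) pairs, intercepted flag and engine mode."""
    part_h = "\n".join(tx["parts"]["H"])
    mode = re.search(r'^Engine-Mode: "([^"]+)"', part_h, re.M)
    return {"id": tx["id"], "rules": MSG_RE.findall(part_h),
            "request": tx["parts"]["B"][0] if tx["parts"]["B"] else "",
            "intercepted": bool(re.search(r"^Action: Intercepted", part_h, re.M)),
            "engine_mode": mode.group(1) if mode else None}

def parse_audit_log(text):
    """Split the serial-format log on --<id>-<part>-- lines; part A opens a transaction, Z closes it."""
    transactions, current, section = [], None, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            tid, section = m.groups()
            if section == "A":
                current = {"id": tid, "parts": defaultdict(list)}
            elif section == "Z" and current is not None:
                transactions.append(summarize(current))
                current = None
        elif current is not None:
            current["parts"][section].append(line)
    return transactions
```

A transaction with matched rules but no "Action: Intercepted" line is what you see while SecRuleEngine is DetectionOnly; switching to On is what turns the same match into a block.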