mod_security for beginners

I set up an apache22 from the current 8.2 release and installed mod_security from the ports. All went fine, no obvious errors.

But, I can't see any effect of mod_security and I don't know whether it is on or off.

Does anybody have some starting hints for me? The documentation seems to be a little outdated and lacks examples, esp. for a simple start.

I want to know what exactly has to be done in (as simple as possible)

- httpd.conf
- mod_security configfiles
- /var/asl/...? Nothing in documentation and sample configs, but necessary
to get it running and see the results in the logfiles.

Please help.

Peter
 
Ok, it is solved. Your links were helpful, thanks.

My solution:

The rules didn't work out of the box (in my installation), I had to add some settings to get them running:

1. get rid of Pcre-Error:
Code:
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
2. Some missing settings:
Code:
SecDataDir /var/asl/data/msa
SecUploadDir /var/asl/data/suspicious
SecAuditLogStorageDir /var/asl/data/audit
(chown www <the above dirs>)
SecTmpDir /tmp
SecAuditLog /var/log/http-modsec2_audit.log
SecDebugLog /var/log/http-modsec2_debug.log
After that it was running without errors and (!) detecting attacks.

Peter
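An added example, not part of the posts above: a small POSIX sh check that reads a ModSecurity config file and reports which of the directories named in step 2 (SecDataDir, SecUploadDir, SecAuditLogStorageDir, SecTmpDir) are missing or not writable. It assumes paths without spaces; the function name and the config path you pass in are hypothetical.

```sh
#!/bin/sh
# Added example: verify the storage directories a ModSecurity config refers to.
# Run it as the Apache user (www in the post above) so the -w test reflects
# what the web server itself is allowed to write.

# check_modsec_dirs CONF
# Prints one line per problem and returns the number of problems found.
check_modsec_dirs() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # Emit "Directive=path" for each active (uncommented) directory directive.
    # Assumption: paths contain no whitespace; surrounding quotes are stripped.
    for entry in $(awk '
        $1 ~ /^(SecDataDir|SecUploadDir|SecAuditLogStorageDir|SecTmpDir)$/ {
            gsub(/"/, "", $2); print $1 "=" $2
        }' "$conf"); do
        name=${entry%%=*}
        dir=${entry#*=}
        if [ ! -d "$dir" ]; then
            echo "$name: $dir is missing"
            problems=$((problems + 1))
        elif [ ! -w "$dir" ]; then
            echo "$name: $dir is not writable by $(id -un)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# When called with a config file argument, check it directly.
if [ $# -gt 0 ]; then
    check_modsec_dirs "$1"
fi
```

No output and exit status 0 mean every listed directory exists and is writable for the user running the check.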
 