On a web site that is protected with ModSecurity, when admin edit HTML pages in admin area, ModSecurity falsely detect it as XSS attack. What we can do is disable specific rules that create this false positive. But in this case, it is bceause HTML is submitted. This application normally done need HTML submitted on […]
Install ModSecurity on Debian
To install ModSecurity on Debian/Ubuntu Apache web server, run
|
1 |
apt-get install libapache2-mod-security2 |
Restart Apache web server
|
1 |
service apache2 restart |
Verify mod_security installed with
|
1 |
apachectl -M | grep security |
To activate ModSecurity rules, run
|
1 |
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf |
Edit
|
1 |
vi /etc/modsecurity/modsecurity.conf |
set
|
1 |
SecRuleEngine = on |
Get latest rules
|
1 2 |
mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bk git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs |
Emable the config file
|
1 |
cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf |
Edit file
|
1 |
vi /etc/apache2/mods-enabled/security2.conf |
Add
|
1 2 |
IncludeOptional /usr/share/modsecurity-crs/*.conf IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf |
Restart Apache
|
1 |
service apache2 restart |
[…]
ModSecurity
Install ModSecurity on Debian Disable ModSecurity for a specific URL ModSecurity is a Web Application Firewall. Protect sites from SQL injection and Application level hacking. To install ModSecurity on Ubuntu/Debian with Apache, run
|
1 |
apt install libapache2-mod-security2 -y |
verify Apache module is installed with
|
1 |
apachectl -M | grep security |
Enable config file
|
1 |
mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf |
Update config
|
1 2 |
sed -i "s/SecRuleEngine DetectionOnly/SecRuleEngine On/" /etc/modsecurity/modsecurity.conf sed -i "s/SecResponseBodyAccess On/SecResponseBodyAccess Off/" /etc/modsecurity/modsecurity.conf |
Restart Apache
|
1 |
systemctl restart apache2 |
[…]