mod_security is a so-called WAF (Web Application Firewall).
It runs as an Apache module, so on CentOS 6 and Scientific Linux 6 it can be installed from the EPEL repository.
yum -y install mod_security
This alone does not install any security rules, so install the following package as well.
yum -y install mod_security_crs
The configuration file is created at
/etc/httpd/conf.d/mod_security.conf
The rule files are stored in
/etc/httpd/modsecurity.d/
Note that Apache must always be restarted for configuration changes to take effect.
service httpd restart
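
After the install, it is worth confirming what /etc/httpd/conf.d/mod_security.conf actually enables. The following shell script is an added example, not part of the original post or the package: it reports the active SecRuleEngine mode (On, Off or DetectionOnly) and the Include lines pointing at modsecurity.d. The sample config and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a mod_security config for engine mode and rule includes.
# Simplification (assumption): Include files are not followed, and the last
# active SecRuleEngine line in this one file is reported as the effective one.

# Print the value of the last uncommented SecRuleEngine directive, or "unset".
modsec_engine_mode() {
    awk '
        $1 ~ /^#/ { next }                             # skip comment lines
        tolower($1) == "secruleengine" { mode = $2 }   # names are case-insensitive
        END { if (mode == "") print "unset"; else print mode }
    ' "$1"
}

# Print each path from an active Include/IncludeOptional under modsecurity.d.
modsec_rule_includes() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) ~ /^include(optional)?$/ && $2 ~ /modsecurity\.d\// { print $2 }
    ' "$1"
}

# Constructed sample config (not the packaged file) so the script runs offline.
write_sample_conf() {
    cat > "$1" <<'EOF'
<IfModule mod_security2.c>
    # SecRuleEngine Off
    SecRuleEngine On
    Include modsecurity.d/*.conf
    Include modsecurity.d/activated_rules/*.conf
    SecRuleEngine DetectionOnly
</IfModule>
EOF
}

# Use the path given as the first argument, else the constructed sample.
conf=${1:-}
if [ -z "$conf" ]; then
    conf=$(mktemp) && write_sample_conf "$conf" && made_tmp=1
fi
echo "engine mode: $(modsec_engine_mode "$conf")"
modsec_rule_includes "$conf" | sed 's/^/rule include: /'
if [ -n "${made_tmp:-}" ]; then rm -f "$conf"; fi
```

A result of DetectionOnly means the rules log matches without blocking requests, and an empty include list means no rule files are loaded from this file.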
HTTP Request Smuggling Attack
Request Body Parsing Failed
Content-Length HTTP header is not numeric
GET or HEAD requests with bodies
POST request must have a Content-Length header
ModSecurity does not support transfer encodings
URL Encoding Abuse Attack Attempt
Unicode Full/Half Width Abuse Attack Attempt
Proxy access attempt
Invalid character in request
Request Missing an Accept Header
Request Missing a User Agent Header
Request Containing Content, but Missing Content-Type header
Host header is a numeric IP address
Invalid request
Request content type is not allowed by policy
HTTP protocol version is not allowed by policy
URL file extension is restricted by policy
HTTP header is restricted by policy
ModSecurity does not support content encodings
Rogue web site crawler
Request Indicates an automated program explored the site
Blind SQL Injection Attack
SQL Injection Attack
Cross-site Scripting (XSS) Attack
Remote File Access Attempt
System Command Access
System Command Injection
Injection of Undocumented ColdFusion Tags
LDAP Injection Attack
SSI injection Attack
PHP Injection Attack
Persistent Universal PDF XSS attack
Email Injection Attack
HTTP Response Splitting Attack
SQL Information Leakage
IIS Information Leakage
Zope Information Leakage
Cold Fusion Information Leakage
PHP Information Leakage
ISA server existence revealed
Microsoft Office document properties leakage
Directory Listing
ASP/JSP source code leakage
PHP source code leakage
Cold Fusion source code leakage
IIS installed in default location
The application is not available
WebLogic information disclosure
File or Directory Names Leakage