mod_security is a so-called WAF (Web Application Firewall).

It runs as an Apache module, so on CentOS 6 or Scientific Linux 6 it can be installed from the EPEL repository.

yum -y install mod_security

This alone does not install any security rules, so install the following package as well.

yum -y install mod_security_crs

The configuration file is created at

/etc/httpd/conf.d/mod_security.conf

The rule files are stored in

/etc/httpd/modsecurity.d/

Note that Apache must always be restarted for configuration changes to take effect.

service httpd restart

Default detection items

  • modsecurity_crs_20_protocol_violations.conf

Invalid HTTP Request Line

HTTP Request Smuggling Attack

Request Body Parsing Failed

Content-Length HTTP header is not numeric

GET or HEAD requests with bodies

POST request must have a Content-Length header

ModSecurity does not support transfer encodings

URL Encoding Abuse Attack Attempt

Unicode Full/Half Width Abuse Attack Attempt

Proxy access attempt

Invalid character in request

  • modsecurity_crs_21_protocol_anomalies.conf

Request Missing a Host Header

Request Missing an Accept Header

Request Missing a User Agent Header

Request Containing Content, but Missing Content-Type header

Host header is a numeric IP address

Invalid request

  • modsecurity_crs_23_request_limits.conf

Too many arguments in request

  • modsecurity_crs_30_http_policy.conf

Method is not allowed by policy

Request content type is not allowed by policy

HTTP protocol version is not allowed by policy

URL file extension is restricted by policy

HTTP header is restricted by policy

ModSecurity does not support content encodings

  • modsecurity_crs_35_bad_robots.conf

Request Indicates a Security Scanner Scanned the Site

Rogue web site crawler

Request Indicates an automated program explored the site

  • modsecurity_crs_40_generic_attacks.conf

Session Fixation

Blind SQL Injection Attack

SQL Injection Attack

Cross-site Scripting (XSS) Attack

Remote File Access Attempt

System Command Access

System Command Injection

Injection of Undocumented ColdFusion Tags

LDAP Injection Attack

SSI injection Attack

PHP Injection Attack

Persistent Universal PDF XSS attack

Email Injection Attack

HTTP Response Splitting Attack

  • modsecurity_crs_45_trojans.conf

Backdoor access

  • modsecurity_crs_50_outbound.conf

Statistics Information Leakage

SQL Information Leakage

IIS Information Leakage

Zope Information Leakage

Cold Fusion Information Leakage

PHP Information Leakage

ISA server existence revealed

Microsoft Office document properties leakage

Directory Listing

ASP/JSP source code leakage

PHP source code leakage

Cold Fusion source code leakage

IIS installed in default location

The application is not available

WebLogic information disclosure

File or Directory Names Leakage
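
To see which of the detection items above actually fire after installation (useful when tuning false positives), the ModSecurity entries in Apache's error log can be tallied per rule file. This is an added example, not part of the original page; the sample log lines (client addresses, ids, hostname, line numbers) are constructed and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the Apache 2.2 error_log format that ModSecurity writes.
# Client addresses, ids, line numbers and hostname are made up for this example.
SAMPLE_LOG = r'''
[Tue Jan 15 03:01:10 2013] [error] [client 192.0.2.10] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "1"] [id "0000001"] [msg "Request Missing an Accept Header"] [hostname "www.example.com"] [uri "/"]
[Tue Jan 15 03:01:12 2013] [error] [client 192.0.2.11] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "1"] [id "0000001"] [msg "Request Missing an Accept Header"] [hostname "www.example.com"] [uri "/index.html"]
[Tue Jan 15 03:01:12 2013] [error] [client 192.0.2.11] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "2"] [id "0000002"] [msg "Request Missing a User Agent Header"] [hostname "www.example.com"] [uri "/index.html"]
[Tue Jan 15 03:01:30 2013] [error] [client 192.0.2.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match at ARGS:id. [file "/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf"] [line "3"] [id "0000003"] [msg "SQL Injection Attack"] [hostname "www.example.com"] [uri "/item.php"]
[Tue Jan 15 03:02:00 2013] [error] [client 192.0.2.12] File does not exist: /var/www/html/favicon.ico
'''

# Matches the bracketed metadata fields, e.g. [msg "..."] or [file "..."].
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_line(line):
    """Return the key/value fields of one ModSecurity log line, or None."""
    if "ModSecurity:" not in line:
        return None  # ordinary Apache error, not a WAF event
    fields = dict(FIELD.findall(line))
    return fields if "file" in fields and "msg" in fields else None

def summarize(log_text):
    """Count hits per rule file (basename) and per detection message."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields:
            rule_file = fields["file"].rsplit("/", 1)[-1]
            hits[rule_file][fields["msg"]] += 1
    return hits

if __name__ == "__main__":
    for rule_file, msgs in sorted(summarize(SAMPLE_LOG).items()):
        print(rule_file)
        for msg, count in msgs.most_common():
            print("  %3d  %s" % (count, msg))
```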

linux/apache/mod_security.txt · Last modified: 2013/01/15 03:08 by miyako




CC Attribution-Share Alike 3.0 Unported