aniyan.rajan6 at gmail.com
Fri Jul 11 06:37:55 UTC 2014
On 07/11/2014 11:38 AM, Mr XYZ 123 wrote:
> If you have a small website / static website of a few web pages, then you
> can secure that without mod_security also.
> In small websites the attacker aims at the admin panel or database.
> So you can restrict its admin panel login with htaccess to your office
> IP only, redirect 403 to 404 error, etc.,
> because mod_security is using thousands of rules.
Yes, I have a small website in a VPS. I am not using an admin panel like
cPanel. I use ssh with sshkeys from my office.
> But if you still want to use mod_security,
> you can try a sample of rules which I've used for a small-purpose
> Drupal-based website:
> [root@xyz.abc ]# cat /etc/httpd/modsecurity.d/security.conf
> ##Custom Rules
> <IfModule mod_security2.c>
> SecRuleEngine On
> SecTmpDir /tmp
> SecDataDir /tmp
> SecAuditLog /var/log/httpd/modsec_audit_log
> #Showing Custom Server Name
> SecServerSignature "Microsoft-IIS/5.0"
> #Allowing following objects
> SecRule REQUEST_BASENAME "\.(jpg|gif|png|js|otf|woff|ttf|ico|css)$"
> #Blocking Basic XSS attempt in url
> # phase:2 because POST ARGS and REQUEST_BODY are not populated in phase 1
> SecRule REQUEST_URI|ARGS|REQUEST_BODY "script%3E" \
>     "id:3,phase:2,log,deny,msg:'Script Tag XSS',status:404"
> SecRule REQUEST_URI|ARGS|REQUEST_BODY "%73%63%72%69%70%74%3e" \
>     "id:5,phase:2,log,deny,msg:'Script Tag XSS',status:404"
> #Blocking Basic SQL Injection Attempt
> SecRule REQUEST_URI "'" "id:6,phase:1,log,deny,msg:'Sql injection
> SecRule REQUEST_URI "%27" "id:7,phase:1,log,deny,msg:'Sql injection
> SecRule REQUEST_URI "sleep" "id:8,phase:1,log,deny,msg:'Sql injection
> And also mod_security will restrict the user with 403/404, the same as in
> your logs. The script kiddie is already facing an error with 404, so I
> think a mod_security implementation is not necessary for this little issue.
I had a domain which was spammed long ago. I was using fail2ban and
modsecurity together to catch the attacker. Like if the modsecurity
gives a 403 three times, then I will ban that IP using fail2ban.
Now, this is my new domain and a new VPS. So as per your opinion, do you
want me to ignore these http requests as using modsecurity will also
give a 403/404?