

Mod Security




Posted by bibook, 07-30-2009, 11:43 AM
I'm trying to use mod_security to prevent some scripts in some files. Imagine I want to block all scripts that include "test" in the body, so if the code of script.php is : and someone runs script.php, I want to block it from running and show a 406 error. Can you tell me how I can write this rule in mod_security 2 with Apache 2? I use SecRule RESPONSE_BODY "test" but it's not working ... Thank you in advance.

Posted by khunj, 07-30-2009, 01:05 PM
Did you enable SecResponseBodyAccess? You'll also need to use the 'phase:4' action. Note that loading your pages will be slow; in some cases it could even be horribly slow.

Posted by foobic, 07-30-2009, 07:56 PM
Agreed - mod_security isn't a good way to do this. Have you thought about running a cron job to periodically search the web files? E.g. something like:

Posted by bibook, 07-31-2009, 01:28 AM
Where shall I write this code and enable SecResponseBodyAccess? What do you mean by the phase:4 action? Thanks.

Posted by khunj, 07-31-2009, 04:11 AM
Add the line anywhere inside your modsecurity configuration file, preferably on top of other rules. Then add your custom rule:

Posted by bibook, 07-31-2009, 05:24 PM
Thanks. Two more questions: do you have any reference regarding phase:4&... ? I want to learn more about it. Second, it seems mod security rules are case sensitive, am I right? I mean whenever we write SecRule RESPONSE_BODY "test" "phase:4,...." and our code has "TeSt", it doesn't detect it. How can we solve this problem?

Posted by khunj, 08-01-2009, 01:53 AM
RTFM - Processing Phases - lowercase or regexp

Posted by bibook, 08-01-2009, 02:51 AM
Any idea about case sensitivity?

Posted by khunj, 08-01-2009, 02:17 PM
This is explained in the 2nd and 3rd links I posted:
- use 'lowercase' to convert output to lowercase and then compare it with the string you are looking for, or
- use regexp with '?i'.
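
The setup discussed in this thread (response body access, a phase:4 rule, and lowercase or a case-insensitive regexp), written out as an added example that is not part of the original posts. The rule ids, MIME types, size limit and message text are assumed values; note that RESPONSE_BODY holds the output sent to the client, not the PHP source of the script.

```apache
# Added example, not from the thread. Ids, limits and msg text are assumptions.

# Response bodies are not inspected by default; without this directive
# RESPONSE_BODY is empty and no rule on it can match.
SecResponseBodyAccess On

# Buffer only text-like responses to limit the slowdown mentioned above.
SecResponseBodyMimeType text/plain text/html

# Cap how much of each response is buffered (bytes), and inspect the
# buffered part of larger responses instead of rejecting them.
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial

# Form from the question, kept commented out: with no phase given the rule
# runs in the default phase (2 unless SecDefaultAction changes it), which is
# before any response body exists, so it never matches.
# SecRule RESPONSE_BODY "test"

# Working form: phase 4 is the response-body phase. t:lowercase lowercases
# the body before comparison, so "TeSt" and "TEST" match as well.
# The id action is optional in older 2.x releases and required from 2.7.
SecRule RESPONSE_BODY "@contains test" \
    "id:1000001,phase:4,t:none,t:lowercase,deny,status:406,log,msg:'Blocked string found in response body'"

# Alternative: case-insensitive regular expression instead of t:lowercase.
# SecRule RESPONSE_BODY "@rx (?i)test" \
#     "id:1000002,phase:4,t:none,deny,status:406,log,msg:'Blocked string found in response body'"
```

Run `apachectl configtest` after editing, then request a page known to contain the string and check that the audit log records the match and the client receives the 406.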


