Comments on: How To: Install mod_security

By: Mark

Mark — Sun, 24 Jun 2007 17:41:15 +0000

I wish that debianuser would have explained what he did to get it working.

By: debianuser

debianuser — Thu, 10 May 2007 20:32:15 +0000

Got it.

By: debianuser

debianuser — Thu, 10 May 2007 16:23:28 +0000

Need a little help. I am having trouble installing modsecurity 2.1.1 on my Debian machine. I installed using /usr/local/modsecurity/modsecurity-apache_2.1.1/apache2 apxs2 -n modsecurity -cia modsecurity.c which placed the modsecurity.so module in /etc/apache2/httpd.conf I placed the core ruleset in /etc/apache2/modsecurity But, when I try to start apache2 I get two syntax errors, one in apache2.conf which indicates: syntax errror on line 126 of /etc/apache2/apache2.conf: syntax error on line 6 of /etc/apache2/httpd.conf: Cannnot load /usr/lib/apache2/modules/modsecurity.so into server. /usr/lib/apache2/modules/modsecurity.so: undefined symbol msre_format_metadata

I had a previous install of modsecurity functioning but it became non-functional after I upgraded to etch and 2.6 kernel

Would like to get modsecurity functional again, hope someone can help. Thanks in advance

By: Apache

Apache — Wed, 07 Mar 2007 14:59:07 +0000

I strongly recommend that everyone puts mod_security in “detection only” mode for a week or two after installation, and for a day or so after any ruleset change — to work out all the false positives.

By: Jeremy

Jeremy — Tue, 06 Mar 2007 22:51:06 +0000

Yeah, I noticed REQUEST_BODY breaks when used in 1.8. I’m not interested in upgrading to ModSecurity 2.0 though, because 1.8 is supported by my distribution (Ubuntu) with security updates.

Besides, I can’t seem to find ModSecurity 2.0 packaged for Ubuntu, anyway.

It’s a shame the modsecurity.org site didn’t archive the 1.8 documentation. I’m feeling around blind here.

By: Ryan Barnett

Ryan Barnett — Tue, 06 Mar 2007 21:00:14 +0000

How about this for an answer - maybe… You most likely could back port SecRule rules to SecFilterSelective, however there are other variables that may affect them. There are new processing phases (request headers, request body, response headers, response body and logging) where you need to specify which phase the rule will run.

I will actually be creating a Migration from 1.X to 2.0 soon that will be posted on the ModSecurity website that will explain all of the differences between the two versions and provide tips for the migration process.

In the mean time, if you are contemplating migrating and aren’t sure exactly “why” you should upgrade, check out some of the docs on the http://www.modsecurity.org site. This link is for an interview that Ivan did for SecurityFocus on ModSecurity 2.0 and the new features - http://www.securityfocus.com/columnists/418. Also, I have some archived Webcast data under the training page that highlights Mod 2.0 - http://www.modsecurity.org/training/index.html.

Finally, I am hosting a live Webcast tomorrow called “Cool Rules” which will highlight some really interesting Mod rules that tackle complex web security issues such as -

- Inspecting Basic Auth Credentials
- Monitoring Form-based Authentication Failures
- Defending Web Services
- Proxy Failover Assistance
- Overview of Remo Tool (Rule Editor for ModSecurity)

If you are interested, you can get the Webcast registration info on the Mod training page (link above).

Cheers,
â€“
Ryan C. Barnett
ModSecurity Community Manager
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

By: Jeremy

Jeremy — Mon, 05 Mar 2007 22:38:17 +0000

Ah, cool, does that mean I can plug-and-play a newer rule set in an older version just by renaming all occurrences of ‘SecRule’ with ‘SecFilterSelective’?

By: Ryan Barnett

Ryan Barnett — Mon, 05 Mar 2007 14:15:03 +0000

One comment - it is important to mention that ModSecurity 2.X has a different Rules Language. One specific example - SecFilter and SecFilterSelective are now replaced with just SecRule (which has the same syntax as SecFilterSelective). This, however, means that you can not just “plug-n-play” previous rules. Some of the rules that you are referencing are for the older 1.X branch.

FYI - the 2.1.0 version now comes bundled with the Core Rules (http://www.modsecurity.org/projects/rules/index.html) which provide great protection for a wide variety of attacks.

I hope this info helps.

–
Ryan C. Barnett
ModSecurity Community Manager
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

By: WeblogToolsCollection EspaÃ±ol » Blog Archive » Tutorial: cÃ³mo instalar mod_security

Mon, 05 Mar 2007 13:09:22 +0000

[...] [Entrada traducida. Original.] [...]

By: Ruslan Abuzant

Ruslan Abuzant — Mon, 05 Mar 2007 09:00:21 +0000

Thank you for the nice reading, i remember the old days with FreeBSD and the huge time it required to fulfill all those dependency needs to get a new mod_something installed.. Now Fedora makes it much easier.. Whoora

By: How To: Install mod_security » Techtites

How To: Install mod_security » Techtites — Mon, 05 Mar 2007 05:52:24 +0000

[...] To: Install mod_security How To: Install mod_security takes you through the installation of mod_security, the web application firewall for Apache. [...]

By: Ajay

Ajay — Mon, 05 Mar 2007 05:49:38 +0000

Hey, thanks for the tutorial Mark. I got my host to do the dirty work but it sure helps to know how to do it manually.

By: Jeremy

Jeremy — Mon, 05 Mar 2007 02:58:25 +0000

Ubuntu (6.06.1) has mod_security 1.8.7. This doesn’t appear to support the ‘fun rules’ you linked to at gotroot.com.