
Mod security

Introduction to Mod Security talk at the Null Monthly March meet.


  1. Introduction to Mod Security
     Shruthi Kamath, Null Bangalore Meet - March
  2. Who am I
     • Co-Founder Infosecgirls (infosecgirls.in)
     • Security Consultant at Synopsys
     • Active member of Null Bangalore
     • Committee member at OWASP Women in Appsec
     • Twitter: @ShruthiKamath30
  3. Agenda
     • What is WAF?
     • What is mod security?
     • Mod security rules examples
     • Setup
     • Demo
  4. Introduction to WAF
     • A web application firewall is used as a security device protecting the web server from attack.
     • Web application firewalls (WAF) are an evolving information security technology designed to protect web sites from attack.
     • WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't.
     • They do not require modification of application source code.
  5. Source: http://searchsecurity.techtarget.com/magazineContent/Comparative-Product-Review-Six-Web-Application-Firewalls
  6. Introduction to Mod Security
     • ModSecurity is a popular open-source web application firewall (WAF).
     • Originally designed as a module for the Apache HTTP Server.
     • Used across a number of different platforms including Apache HTTP Server, Microsoft IIS and NGINX.
  7. • The platform itself provides a rule configuration language known as 'SecRules'.
     • It is used for real-time monitoring, logging, and filtering of Hypertext Transfer Protocol communications based on user-defined rules.
     • ModSecurity is known to have the following capabilities:
       • Security monitoring and access control
       • Full HTTP traffic logging
       • Security assessment
       • Web application hardening
       • Simple request or regular expression based filtering
       • URL encoding validation
  8. Mod security rules
     Rule Example 1 – XSS attack
     • SecRule ARGS|REQUEST_HEADERS "@rx <script>" "id:101,msg:'XSS Attack',severity:ERROR,deny,status:404"
     Rule Example 2 – Whitelist IP Address
     • SecRule REMOTE_ADDR "@ipMatch 192.168.1.101" "id:102,phase:1,t:none,nolog,pass,ctl:ruleEngine=off"
  9. mod_security with Apache Set Up on Ubuntu
     • Ubuntu LAMP Server installation
     • sudo apt-get install apache2
     • sudo apt-get install mysql-server
     • sudo apt-get install php5 libapache2-mod-php5
     • sudo /etc/init.d/apache2 restart
     • apt-get install libapache2-modsecurity
     • apachectl -M | grep --color security
     • service apache2 reload
     • ls -l /var/log/apache2/modsec_audit.log
  10. Configuring mod_security
     • nano /etc/modsecurity/modsecurity.conf
     • SecRuleEngine DetectionOnly
       • Logs requests and doesn't block anything.
     • SecRuleEngine On
       • Blocks according to rule match.
     • SecResponseBodyAccess On
       • Buffer response bodies.
     • SecRequestBodyLimit 13107200 (~12.5 MB)
       • Specifies the maximum POST data size.
     • SecRequestBodyNoFilesLimit 131072 (~128 KB)
       • Size of POST data minus file uploads.
     • SecRequestBodyInMemoryLimit 131072
       • Maximum request body size that ModSecurity will store in memory.
  11. Setting Up Rules
     • ls -l /usr/share/modsecurity-crs/
     • nano /etc/apache2/mods-enabled/modsecurity.conf
     • Add the following directives inside <IfModule security2_module> </IfModule>:
       • Include "/usr/share/modsecurity-crs/*.conf"
       • Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
  12. • cd /usr/share/modsecurity-crs/activated_rules/
     • ln -s /usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_xss_attacks.conf
     • service apache2 reload
  13. Demo Time
  14. Useful links
     • http://www.modsecurity.org/about.html
     • https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual
     • https://modsecurity.org/crs/
  15. Thank You
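
How the two rules on slide 8 interact with the SecRuleEngine modes on slide 10, as an added example (not from the slides and not ModSecurity code): a simplified Python model of the evaluation order. The function name `evaluate` and the sample addresses and requests are constructed, and the model assumes no SecDefaultAction overrides the default phase 2 for rule 101.

```python
import ipaddress
import re

# Simplified model of the two slide rules; this is not ModSecurity code.
# Assumption: no SecDefaultAction changes rule 101's default phase (2).
XSS_RX = re.compile(r"<script>")                    # rule 101: "@rx <script>"
ALLOWED = ipaddress.ip_network("192.168.1.101/32")  # rule 102: "@ipMatch 192.168.1.101"


def evaluate(engine, remote_addr, args, headers):
    """Return (http_status, audit_events); engine is the SecRuleEngine value."""
    events = []
    if engine == "Off":
        return 200, events
    # Phase 1 (request headers): rule 102 runs first because of phase:1.
    # ctl:ruleEngine=off ends rule processing for this transaction, and
    # nolog means the match itself leaves no record.
    if ipaddress.ip_address(remote_addr) in ALLOWED:
        return 200, events
    # Phase 2 (request body): rule 101 inspects every argument value and
    # every request header value.
    targets = [("ARGS:" + k, v) for k, v in args.items()]
    targets += [("REQUEST_HEADERS:" + k, v) for k, v in headers.items()]
    for name, value in targets:
        if XSS_RX.search(value):
            events.append({"id": 101, "msg": "XSS Attack", "target": name})
            # deny,status:404 is enforced only when the engine is On;
            # DetectionOnly records the match and lets the request through.
            if engine == "On":
                return 404, events
    return 200, events


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("203.0.113.7", {"q": "<script>x</script>"}, {"User-Agent": "curl/8.0"}),
    ("192.168.1.101", {"q": "<script>x</script>"}, {"User-Agent": "curl/8.0"}),
    ("203.0.113.7", {"q": "mod security"}, {"User-Agent": "curl/8.0"}),
]

if __name__ == "__main__":
    for mode in ("DetectionOnly", "On"):
        for addr, args, headers in SAMPLES:
            status, events = evaluate(mode, addr, args, headers)
            print(mode, addr, status, [e["target"] for e in events])
```

The whitelisted address produces neither a block nor a log entry in either mode, so requests from 192.168.1.101 are invisible to the audit log as long as rule 102 is loaded.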
