安裝
pkg install ap24-mod_security
----------
apache24啟用mod_security
*把註解拿掉
ee /usr/local/etc/apache24/modules.d/280_mod_security.conf
LoadModule unique_id_module libexec/apache24/mod_unique_id.so
LoadModule security2_module libexec/apache24/mod_security2.so
Include /usr/local/etc/modsecurity/*.conf
Include /usr/local/etc/modsecurity/activated_rules/*.conf
----------
抓取core rule set檔案
fetch https://github.com/coreruleset/coreruleset/archive/v3.3.0.tar.gz
tar zxvf v3.3.0.tar.gz
cd coreruleset-3.3.0
cp crs-setup.conf.example /usr/local/etc/modsecurity/
cd rules
cp * /usr/local/etc/modsecurity/
----------
重新啟動apache
service apache24 restart
----------
測試
開啟一個不存在的網頁
http://example.com/aaaa.php
or
curl -Ik https://example.tw/?abc=../../
可以在/var/log/modsec_audit.log看到紀錄
沒有留言:
張貼留言