Mod_Security - how to configure

[postcd]

I have installed this Mod via Easy Apache. How i should configure it now?
In the menu there is new entry Mod Security under plugins.
When i click Edit Config button, the text area field is empty. What should i enter there?

Im hosting Wordpress, PHPBB, vBulletin, mybb and few other scripts. Im also using ConfigServerSecurity&Firewall.

 

[Infopro]

When i click Edit Config button, the text area field is empty. What should i enter there?

On this page, click "Default Configuration" link at top to automagically populate this section. Scroll down and click Save Configuration now and you're all set.

If you find that you need more control over how your new rules work on a per account basis, you might like to know about CMC: ConfigServer ModSecurity Control

 

[szk]

Hello,
I am not familiar with mod_security, but in "Default Configuration" i can see the settings that I should not use and do not need,
Question is silly but, If I delete entire rule from Default Configuration and leave only for eg # Blind SQL injection,
will mod_security only apply that rule, and will it work without all other rules? also if it works that way, if I set "No Configuration" mod_security will be inactive ?
Sorry for stupid question, but I can try this only on live, so i can not afford mistake
Thanks

 

[Infopro]

i can see the settings that I should not use and do not need,

You need them.

will mod_security only apply that rule, and will it work without all other rules?

Yes.

if I set "No Configuration" mod_security will be inactive ?

No, its active if you choose to install it with EasyApache. It can't be of any use without rules though.

but I can try this only on live, so i can not afford mistake

Back that file up for safe keeping. Copy it, paste it into a text file before you touch it. You can't go wrong with backups.

HTH!

 

[szk]

Thanks for valuable information, works fine, now i have another question, i have 4 accounts on one server but mod_security affects only one, where is catch ? how can i set mod_security to affect all the accounts on server with same settings?

 

[Infopro]

No way of knowing without knowing whats being affected. In post #2 above, is a link to a tool you would probably have good use for by the sound of it though.

For example, you've got that installed > issue with one account and mod_sec, you see the rule ID in your log, use CMC to disable that one rule, for that one site.

Mod_Security is as complex as you think it is, or, not too awful bad to understand if you look at it from across the room a bit. The docs and comments are plentiful on the topic.

Good luck!

 

[ANKUR KUMAR]

I was about to ask a question , but seems Infopro have already answered

Where can i get more set of rules for added security ** Atomicorp provide this , but is there any free source ?

 

[Astral God]

The Atomicorp Delayed Rules are provided for free.

 

[ANKUR KUMAR]

Hi Astral , Thanks for reply...

Help figure out exact page where they have given those rules ..and the way to implement them . I went to their website ...

Every where they have concentrated more on paid set of rules and rarely the required is visible .
Thank you in advance !

 

[Infopro]

Lots of details on how to implement the rules, here on this forum and on the site where you can grab the delayed rules.

http://updates.atomicorp.com/channels/rules/delayed/

 

[icandoit]

I can't access this site

Ok I could see it with IE