In the previous post we installed ModSecurity 2.x for Oracle HTTP Server 11g on Ubuntu Server 10.04. Today we will discover how to enable that module and give it some basic instructions to protect our web application.
In the last lesson, we compiled the source code to get a shared object file named mod_security2.so, like this:
-rwxr-x--- 1 oracle oinstall 51743 2009-10-28 23:24 mod_proxy_http.so*
-rwxr-x--- 1 oracle oinstall 121357 2009-10-28 23:24 mod_proxy.so*
-rwxr-x--- 1 oracle oinstall 105741 2009-10-28 23:26 mod_rewrite.so*
-rwxr-xr-x 1 oracle oinstall 1288283 2012-02-28 17:21 mod_security2.so*
-rwxr-x--- 1 oracle oinstall 20244 2009-10-28 23:23 mod_setenvif.so*

The next step is to configure the Apache core to load that module on startup. Find the httpd.conf file and add something like this:
# Load module ModSecurity 2.x
LoadModule security2_module "${ORACLE_HOME}/ohs/modules/mod_security2.so"

Note this line:
include "moduleconf/*.conf"

I will create a new module configuration file named mod_sec.conf in the moduleconf directory. This file holds the configuration specific to the mod_security module.
$ ll
total 4
-rw-r--r-- 1 oracle oinstall 0 2012-03-12 16:55 mod_sec.conf
-rw------- 1 oracle oinstall 1685 2011-11-25 22:53 plsql.conf

Add some lines:
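# Enable the rule engine
SecRuleEngine On
# Check URL encoding. SecFilterCheckURLEncoding is a ModSecurity 1.x directive that 2.x
# does not accept; in 2.x the check is a rule using the @validateUrlEncoding operator.
# The rule id is an arbitrary local value.
SecRule REQUEST_URI_RAW "@validateUrlEncoding" "phase:2,deny,log,status:403,id:1000001,msg:'Invalid URL encoding'"
# SecFilterForceByteRange 0 255  (also 1.x syntax, left disabled)
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
# Put the debug log file here
SecDebugLog logs/modsec_debug.log
# Level 0 means nothing is logged
SecDebugLogLevel 0
# Set the default action for matched requests/responses; note the phase value, 2 is the request body phase
SecDefaultAction "phase:2,deny,log,status:403"
# I will put all rules in this directory
Include "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/moduleconf/mod_sec_rules/*.conf"
# Use a fake Server signature to hide the real server identity.
# SecServerSignature only takes effect when ServerTokens is set to Full.
SecServerSignature "Microsoft IIS/5.0"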
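
A starter rule file for the mod_sec_rules directory included above, as an added example that is not part of the original post: the file name, the rule ids, the allowed-method list and the modsec_test parameter are assumptions. It shows one rule with explicit actions and two rules that inherit the SecDefaultAction settings.

```apache
# moduleconf/mod_sec_rules/10_basic.conf  (hypothetical file name)
# Rule ids, the method list and the modsec_test parameter are constructed values.

# Phase 1 (request headers): allow only the methods the application uses.
# Actions are spelled out because this rule does not run in the default phase.
SecRule REQUEST_METHOD "!^(?:GET|HEAD|POST)$" \
    "id:1000010,phase:1,t:none,deny,log,status:405,msg:'HTTP method not allowed'"

# Phase 2: no phase or disruptive action is given, so this rule inherits
# phase:2,deny,log,status:403 from SecDefaultAction in mod_sec.conf.
SecRule ARGS "@contains ../" \
    "id:1000011,t:none,t:urlDecodeUni,msg:'Directory traversal sequence in parameter'"

# Self-test rule: a request carrying ?modsec_test=1 must come back as 403.
# Remove it once the setup is confirmed.
SecRule ARGS:modsec_test "@streq 1" \
    "id:1000012,t:none,msg:'ModSecurity self-test rule matched'"
```

After the restart, requesting any URL on the server with ?modsec_test=1 appended should return 403, and the match should appear in the Apache error log. A 200 response means the module or the rules directory was not loaded.
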
Finally, restart the Apache server to apply the changes.
Have fun.