Name | Date | Size | #Lines | LOC | ||
---|---|---|---|---|---|---|
.. | 03-May-2022 | - | ||||
.github/ISSUE_TEMPLATE/ | H | 04-Dec-2018 | - | 95 | 57 | |
alp2/ | H | 04-Dec-2018 | - | 2,872 | 1,981 | |
apache2/ | H | 04-Dec-2018 | - | 58,768 | 44,402 | |
build/ | H | 04-Dec-2018 | - | 26,708 | 21,469 | |
doc/ | H | 03-May-2022 | - | 10,272 | 7,988 | |
ext/ | H | 04-Dec-2018 | - | 1,590 | 1,154 | |
iis/ | H | 04-Dec-2018 | - | 8,909 | 7,535 | |
mlogc/ | H | 03-May-2022 | - | 3,629 | 2,708 | |
nginx/ | H | 04-Dec-2018 | - | 2,047 | 1,461 | |
standalone/ | H | 04-Dec-2018 | - | 6,313 | 4,980 | |
tests/ | H | 04-Dec-2018 | - | 43,219 | 41,689 | |
tools/ | H | 03-May-2022 | - | 1,716 | 1,258 | |
CHANGES | H A D | 04-Dec-2018 | 77.4 KiB | 1,972 | 1,322 | |
LICENSE | H A D | 04-Dec-2018 | 10.5 KiB | 191 | 160 | |
Makefile.am | H A D | 04-Dec-2018 | 1.2 KiB | 53 | 42 | |
Makefile.in | H A D | 04-Dec-2018 | 30 KiB | 939 | 839 | |
NOTICE | H A D | 04-Dec-2018 | 200 | 6 | 4 | |
README.md | H A D | 04-Dec-2018 | 3.9 KiB | 71 | 44 | |
README_WINDOWS.md | H A D | 04-Dec-2018 | 7.1 KiB | 195 | 134 | |
aclocal.m4 | H A D | 04-Dec-2018 | 53.5 KiB | 1,502 | 1,363 | |
autogen.sh | H A D | 04-Dec-2018 | 371 | 18 | 9 | |
configure | H A D | 03-May-2022 | 539.9 KiB | 18,649 | 15,635 | |
configure.ac | H A D | 04-Dec-2018 | 25.6 KiB | 951 | 868 | |
modsecurity.conf-recommended | H A D | 04-Dec-2018 | 8.2 KiB | 227 | 180 | |
stamp-h1 | H A D | 04-Dec-2018 | 40 | 2 | 1 | |
unicode.mapping | H A D | 04-Dec-2018 | 51.9 KiB | 97 | 60 |
README.md
1ModSecurity for Apache 2.x 2====== 3 4http://www.modsecurity.org/ 5 6Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) 7 8You may not use this file except in compliance with the License. You may obtain a copy of the License at: https://www.apache.org/licenses/LICENSE-2.0 9 10If any of the files related to licensing are missing or if you have any other questions related to licensing please contact Trustwave Holdings, Inc. directly using the email address: security@modsecurity.org. 11 12 13## Documentation 14 15Please refer to: [the documentation folder](https://github.com/SpiderLabs/ModSecurity/tree/v2/master/doc) for the reference manual. 16 17## OWASP ModSecurity Core Rule Set (CRS) 18 19Project Site: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project 20 21Download: https://github.com/SpiderLabs/owasp-modsecurity-crs 22 23ModSecurity™ is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity™ must be configured with rules. In order to enable users to take full advantage of ModSecurity™ out of the box, Trustwave's SpiderLabs is providing a free certified rule set for ModSecurity™ 2.x. 24 25Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the Core Rules provide generic protection from unknown vulnerabilities often found in web applications, which are in most cases custom coded. The Core Rules are heavily commented to allow it to be used as a step-by-step deployment guide for ModSecurity™. 26 27### Core Rules Content 28 29In order to provide generic web applications protection, the Core Rules use the following techniques: 30 31* **HTTP Protection** - detecting violations of the HTTP protocol and a locally defined usage policy. 32* **Real-time Blacklist Lookups** - utilizes 3rd Party IP Reputation 33* **Web-based Malware Detection** - identifies malicious web content by check against the Google Safe Browsing API. 34* **HTTP Denial of Service Protections** - defense against HTTP Flooding and Slow HTTP DoS Attacks. 35* **Common Web Attacks Protection** - detecting common web application security attack. 36* **Automation Detection** - Detecting bots, crawlers, scanners and other surface malicious activity. 37* **Integration with AV Scanning for File Uploads** - detects malicious files uploaded through the web application. 38* **Tracking Sensitive Data** - Tracks Credit Card usage and blocks leakages. 39* **Trojan Protection** - Detecting access to Trojans horses. 40* **Identification of Application Defects** - alerts on application misconfigurations. 41* **Error Detection and Hiding** - Disguising error messages sent by the server. 42 43## ModSecurity Rules from Trustwave SpiderLabs 44 45Project Site: https://www.trustwave.com/modsecurity-rules-support.php 46 47Download: https://ssl.trustwave.com/web-application-firewall 48 49Trustwave now provides a commercial certified rule set for ModSecurity 2.x that protects against known attacks that target vulnerabilities in public software and are based on intelligence gathered from real-world investigations, honeypot data and research. 50 511. More than 16,000 specific rules, broken out into the following attack categories: 52 53 * SQL injection 54 * Cross-site Scripting (XSS) 55 * Local File Include 56 * Remote File Include 57 582. User option for application specific rules, covering the same vulnerability classes for applications such as: 59 60 * WordPress 61 * cPanel 62 * osCommerce 63 * Joomla 64 * For a complete listing of application coverage, please refer to this link (which is updated daily): https://modsecurity.org/application_coverage.html 65 663. Complements and integrates with the OWASP Core Rule Set 67 684. IP Reputation capabilities which provide protection against malicious clients identified by the Trustwave SpiderLabs Distributed Web Honeypots 69 705. Malware Detection capabilities which prevent your web site from distributing malicious code to clients. 71
README_WINDOWS.md
1 2## ModSecurity 2.x Command-line build notes for Windows 3 4by Tom Donovam, 4/2/2011 5 6 7## Prerequisites: 8 9Dependency | Tested with | Note 10----|------|---- 11Microsoft Visual Studio C++ | Visual Studio 2013 (aka VC12) | 12[CMake build system](http://www.cmake.org/) | CMake v3.8.2 | 13[Apache 2.4.x](http://httpd.apache.org/) | Apache 2.4.27 | Apache must be built from source using the same Visual Studio compiler as mod_security. 14[PCRE, Perl Compatible Regular Expression library](http://www.pcre.org/) | PCRE v8.40 15[LibXML2](http://xmlsoft.org/) | LibXML2 v2.9.4 | 16[Lua Scripting Language](http://www.lua.org/) | Lua v5.3.4 17[cURL multiprotocol file transfer library](http://curl.haxx.se/) | cURL v7.54.0 18 19 20## Before building 21 22The directory where you build software from source ( ``C:\work`` in this exmaple) 23must contain the Apache source you used to build the Apache web serverand the mod_security source 24 25 Apache source is in C:\work\httpd-2.4.27 in this example. 26 Apache has been installed to C:\Apache2427 in this example. 27 Mod_security source is in C:\work\mod_security in this example. 28 29## Download and untar the prerequisite library sources: 30 31 Download pcre-8.40.tar.gz from ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ 32 untar it into C:\work\ creating C:\work\pcre-8.40 33 34 Download libxml2-2.9.4.tar.gz from ftp://xmlsoft.org/libxml2/ 35 untar it into C:\work\ creating C:\work\libxml2-2.9.4 36 37 Download lua-5.3.4.tar.gz from http://www.lua.org/ftp/ 38 untar it into C:\work\ creating C:\work\lua-5.3.4 39 40 Download curl-7.54.0.tar.gz from http://curl.haxx.se/download.html 41 untar it into C:\work\ creating C:\work\curl-7.54.0 42 43## Setup your build environment: 44 451. The ``PATH`` environment variable must include the Visual Studio variables as set by ``vsvars32.bat`` 46 472. The ``PATH`` environment variable must also include the CMAKE ``bin\`` directory 48 493. Set an environment variable to the Apache source code directory: 50 51``` 52 SET HTTPD_BUILD=C:\work\httpd-2.4.27 53``` 54 55### Optional: 56 57If OpenSSL and zlib support were included when you built Apache 2.4, and you want them available to LibXML2 and cURL 58 591. Ensure that cURL and LibXML2 can find the OpenSSL and zlib includes and libraries that Apache was built with. 60 61``` 62 SET INCLUDE=%INCLUDE%;%HTTPD_BUILD%\srclib\openssl\inc32;%HTTPD_BUILD%\srclib\zlib 63 SET LIB=%LIB%;%HTTPD_BUILD%\srclib\openssl\out32dll;%HTTPD_BUILD%\srclib\zlib 64``` 65 662. Ensure that cURL and libXML2 don't use the static zlib library: ``zlib.lib``. Force cURL and libXML2 to use ``zdll.lib`` instead, requiring ``zlib1.dll`` at runtime: 67 68``` 69 IF EXIST %HTTPD_BUILD%\srclib\zlib\zlib.lib DEL %HTTPD_BUILD%\srclib\zlib\zlib.lib 70``` 71 72## Build 73 74### PCRE-8.40 75 76 CD C:\work\pcre-8.40 77 CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True 78 NMAKE 79 80### LibXML2-2.9.4 81 82 CD C:\work\libxml2-2.9.4\win32 83 CSCRIPT configure.js iconv=no vcmanifest=yes zlib=yes 84 NMAKE -f Makefile.msvc 85 86### Lua-5.3.4 87 88 CD C:\work\lua-5.3.4\src 89 CL /Ox /arch:SSE2 /GF /GL /Gy /FD /EHsc /MD /Zi /TC /wd4005 /D "_MBCS" /D "LUA_CORE" /D "LUA_BUILD_AS_DLL" /D "_CRT_SECURE_NO_WARNINGS" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_WIN32" /D "_WINDLL" /c *.c 90 DEL lua.obj luac.obj 91 LINK /DLL /LTCG /DEBUG /OUT:lua5.1.dll *.obj 92 IF EXIST lua5.1.dll.manifest MT -manifest lua5.1.dll.manifest -outputresource:lua5.1.dll;2 93 94### cURL-7.54.0 95 96 CD C:\work\curl-7.54.0 97 CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True -DCURL_ZLIB=True 98 NMAKE 99 100### ModSecurity-2.9.x 101 102 CD C:\work\mod_security\apache2 103 NMAKE -f Makefile.win APACHE=C:\Apache2427 PCRE=C:\work\pcre-8.40 LIBXML2=C:\work\libxml2-2.9.4 LUA=C:\work\lua-5.3.4\src 104 105## Install ModSecurity and run Apache 106 107Copy these five files to ``C:\Apache2427\bin``: 108 109 C:\work\pcre-8.40\pcre.dll C:\Apache2427\bin\ 110 C:\work\lua-5.3.4\src\lua5.1.dll C:\Apache2427\bin\ 111 C:\work\libxml2-2.9.4\win32\bin.msvc\libxml2.dll C:\Apache2427\bin\ 112 C:\work\curl-7.54.0\libcurl.dll C:\Apache2427\bin\ 113 C:\work\mod_security\apache2\mlogc-src\mlogc.exe 114 115Copy this one file to ``C:\Apache2427\modules``: 116 117 C:\work\mod_security\apache2\mod_security2.so 118 119You may also copy ``C:\work\curl-7.54.0\curl.exe`` to ``C:\Apache2427\bin``, if you want to use the cURL command-line program. 120 121Download the core rules from http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/ and unzip them into ``C:\Apache2427\conf\modsecurity_crs`` 122 123Add configuration directives to your Apache conf\httpd.conf: 124 125 # mod_security requires mod_unique_id 126 LoadModule unique_id_module modules/mod_unique_id.so 127 128 # mod_security 129 LoadModule security2_module modules/mod_security2.so 130 <IfModule security2_module> 131 SecRuleEngine On 132 SecDataDir logs 133 Include conf/modsecurity_crs/*.conf 134 Include conf/modsecurity_crs/base_rules/*.conf 135 SecAuditEngine RelevantOnly 136 SecAuditLogRelevantStatus "^(?:5|4\d[^4])" 137 SecAuditLogType Serial 138 SecAuditLogParts ABCDEFGHZ 139 SecAuditLog logs/modsecurity.log 140 </IfModule> 141 142## Optional: Build and configure the ModSecurity-2.x MLOGC piped-logging program 143 144Edit the top of ``C:\work\mod_security\apache2\mlogc-src\Makefile.win`` and set your local paths 145 146 # Path to Apache httpd installation 147 BASE = C:\Apache2427 148 149 # Paths to required libraries 150 PCRE = C:\work\pcre-8.40 151 CURL = C:\work\curl-7.54.0 152 153 # Linking libraries 154 LIBS = $(BASE)\lib\libapr-1.lib \ 155 $(BASE)\lib\libaprutil-1.lib \ 156 $(PCRE)\pcre.lib \ 157 $(CURL)\libcurl_imp.lib \ 158 wsock32.lib 159 160Build the ``mlogc.exe`` program: 161 162 CD C:\work\mod_security_trunk\mlogc 163 NMAKE -f Makefile.win 164 165Copy ``mlocg.exe`` to ``C:\Apache2427\bin\`` 166 167Create a new command file ``C:\Apache2427\bin\mlogc.bat`` with one line: 168 169 C:\Apache2427\bin\mlogc.exe C:\Apache2427\conf\mlogc.conf 170 171Create a new configuration file ``C:\Apache2427\conf\mlogc.conf`` to control the piped-logging program ``mlogc.exe``. 172Here is an example ``conf\mlogc.conf``: 173 174 CollectorRoot "C:/Apache2427/logs" 175 ConsoleURI "https://localhost:8888/rpc/auditLogReceiver" 176 SensorUsername "test" 177 SensorPassword "testtest" 178 LogStorageDir "data" 179 TransactionLog "mlogc-transaction.log" 180 QueuePath "mlogc-queue.log" 181 ErrorLog "mlogc-error.log" 182 LockFile "mlogc.lck" 183 KeepEntries 0 184 ErrorLogLevel 2 185 MaxConnections 10 186 MaxWorkerRequests 1000 187 TransactionDelay 50 188 StartupDelay 5000 189 CheckpointInterval 15 190 ServerErrorTimeout 60 191 192Change the SecAuditLog directive in ``conf\httpd.conf`` to pipe the log data to mlogc instead of writing them to a file: 193 194 SecAuditLog |C:/Apache2427/bin/mlogc.bat 195