ABAKUS

Code: Alles auswählen

<IfModule mod_security.c>

    # Turn the filtering engine On or Off
    SecFilterEngine On

    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On

    # Only allow bytes from this range
    SecFilterForceByteRange 32 126

    # The audit engine works independently and
    # can be turned On of Off on the per-server or
    # on the per-directory basis
    SecAuditEngine RelevantOnly

    # The name of the audit log file
    SecAuditLog logs/audit_log

    SecFilterDebugLog logs/modsec_debug_log
    SecFilterDebugLevel 0

    # Should mod_security inspect POST payloads
    SecFilterScanPOST On

    # Action to take by default
    SecFilterDefaultAction "deny,log,status&#58;406"

    # Redirect user on filter match
    SecFilter xxx redirect&#58;http&#58;//www.webkreator.com

    # Execute the external script on filter match
    SecFilter yyy log,exec&#58;/home/ivanr/apache/bin/report-attack.pl

    # Simple filter
    SecFilter 111
    
    # Only check the QUERY_STRING variable
    SecFilterSelective QUERY_STRING 222

    # Only check the body of the POST request
    SecFilterSelective POST_PAYLOAD 333

    # Only check arguments &#40;will work for GET and POST&#41;
    SecFilterSelective ARGS 444

    # Test filter
    SecFilter "/cgi-bin/keyword"

    # Another test filter, will be denied with 404 but not logged
    # action supplied as a parameter overrides the default action
    SecFilter 999 "deny,nolog,status&#58;404"

    # Prevent OS specific keywords
    SecFilter /etc/password

    # Prevent path traversal &#40;..&#41; attacks
    SecFilter "\.\./"

    # Weaker XSS protection but allows common HTML tags
    SecFilter "<&#40; |\n&#41;*script"

    # Prevent XSS atacks &#40;HTML/Javascript injection&#41;
    SecFilter "<&#40;.|\n&#41;+>"

    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete&#91;&#91;&#58;space&#58;&#93;&#93;+from"
    SecFilter "insert&#91;&#91;&#58;space&#58;&#93;&#93;+into"
    SecFilter "select.+from"

    # Require HTTP_USER_AGENT and HTTP_HOST headers
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Forbid file upload
    SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data

    # Only watch argument p1
    SecFilterSelective "ARG_p1" 555

    # Watch all arguments except p1
    SecFilterSelective "ARGS|!ARG_p2" 666

    # Only allow our own test utility to send requests &#40;or Mozilla&#41;
    SecFilterSelective HTTP_USER_AGENT "!&#40;mod_security|mozilla&#41;"

    # Do not allow variables with this name
    SecFilterSelective ARGS_NAMES 777

    # Do now allow this variable value &#40;names are ok&#41;
    SecFilterSelective ARGS_VALUES 888

    # Stop spamming through FormMail
    # note the exclamation mark at the beginning
    # of the filter - only requests that match this regex will
    # be allowed
    <Location /cgi-bin/FormMail>
        SecFilterSelective "ARG_recipient" "!@webkreator.com$"
    </Location>

    # when allowing upload, only allow images
    # note that this is not foolproof, a determined attacker
    # could get around this 
    <Location /fileupload.php>
        SecFilterInheritance Off
        SecFilterSelective POST_PAYLOAD "!image/&#40;jpeg|bmp|gif&#41;"
    </Location>

</IfModule>

Code: Alles auswählen

    # Only allow our own test utility to send requests (or Mozilla)
    SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"