
Fwd: [Fedora-sysadmin-list] Web Security

forwarding to the correct list

----------  Forwarded Message  ----------

Subject: [Fedora-sysadmin-list] Web Security
Date: Friday 21 November 2008
From: "Damian Myerscough" <damian myerscough gmail com>
To: "Fedora Administration and Infrastructure project" <fedora-sysadmin-list redhat com>

Hello All,

I have managed to get a bit of free time to create some simple rules for
mod_security which would be suitable for the web servers which we are
currently running. I have written some generic rules which should be
compatible with all the web servers. However, we could write rules which
are much stricter for the web applications that are hosted off the web
servers.

Let me know what people think about the rules that I have attached.

Just a note, the final rule should point to maybe a security notice... it
would currently just redirect users to fedoraproject.org.

Damian Myerscough

# Basic configuration options 
SecRuleEngine On 
SecRequestBodyAccess On 
SecResponseBodyAccess Off 

# Debug log 
SecDebugLog /var/log/httpd/modsec_debug.log 
SecDebugLogLevel 0 

# Make sure URL Encoding/Decoding is valid
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding On

# Check POST payload
SecFilterScanPOST On

# Prevent XSS Attacks
SecFilter "<(.|\n)+"

# Prevent SQL injection
SecFilter "(delete|insert)[[:space:]]+(from|into)"

# Prevent SSI Injection
SecFilter "\<\!--|#"

# Filter out the keywords /bin, /etc and /usr
SecFilter "/bin"
SecFilter "/etc"
SecFilter "/usr"

# Maximum request body size we will accept for buffering 
SecRequestBodyLimit 131072 

# Store up to 128 KB in memory 
SecRequestBodyInMemoryLimit 131072 

# Buffer response bodies of up to 512 KB in length 
SecResponseBodyLimit 524288

# Set Server Signature 
SecServerSignature "Fedora Web Server"

# Inspect the output for keywords "Defaced, hacked/h4cked, own/0wn"
# Once a keyword has been detected then redirect them to somewhere and don't allow them to see the
# defacer's message
SecFilterSelective OUTPUT "(deface|h[a4]ck|[o0]wn\.)" deny,log,redirect:http://fedoraproject.org
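
An added example, not part of the original message or of any Fedora configuration: a small Python harness that runs the request-side SecFilter patterns above against constructed sample requests and reports which benign inputs they would block. It assumes case-insensitive matching on already URL-decoded text and writes `[[:space:]]` as `\s`; the sample requests and the function names are made up for illustration.

```python
import re

# Request-side patterns copied from the SecFilter lines in the post.
# Assumptions: [[:space:]] is spelled \s (Python's re has no POSIX classes)
# and matching is case-insensitive.
RULES = {
    "xss": r"<(.|\n)+",
    "sqli": r"(delete|insert)\s+(from|into)",
    "ssi": r"\<\!--|#",
    "/bin": r"/bin",
    "/etc": r"/etc",
    "/usr": r"/usr",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}

# Constructed samples of already URL-decoded request text:
# (label, text, True if the request is one the rules are meant to stop).
SAMPLES = [
    ("script tag", "q=<script>alert(1)</script>", True),
    ("sql delete", "id=1; DELETE FROM users", True),
    ("ssi directive", 'name=<!--#exec cmd="id"-->', True),
    ("passwd path", "file=/etc/passwd", True),
    ("plain search", "q=fedora release schedule", False),
    ("bug reference", "comment=duplicate of bug #4711", False),
    ("crash report", "comment=/usr/bin/yum segfaults on start", False),
    ("code snippet", "comment=loop while i < 10", False),
    ("wiki edit", "text=insert into the table below", False),
]

def matched_rules(text):
    """Names of every rule whose pattern occurs anywhere in the text."""
    return [name for name, rx in COMPILED.items() if rx.search(text)]

def evaluate(samples=SAMPLES):
    """Split samples into false positives (benign but blocked) and misses."""
    false_positives, misses = {}, []
    for label, text, hostile in samples:
        hits = matched_rules(text)
        if hits and not hostile:
            false_positives[label] = hits
        elif hostile and not hits:
            misses.append(label)
    return false_positives, misses

if __name__ == "__main__":
    fps, missed = evaluate()
    for label, hits in fps.items():
        print(f"false positive: {label!r} blocked by {hits}")
    print("missed:", missed or "none")
```

Each false positive names the pattern that would need narrowing, for instance by applying it only to selected parameters, before the rules go in front of applications that accept free-text input.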
