#1 Registered User (Devshed Newbie, joined Jul 2013)

    Recommended Best mod_security Rules for Secure Web Servers


    We often have requests to configure the “best rules” for mod_security. Mod_security is a popular Apache plugin that serves as a Web Application Firewall, screening requests coming in to the webserver based on a set of configurable rules.

    Because every website and application has slightly different circumstances, which will require some fine-tuning of the rules, there is no "best" ruleset. However, I want to share the rules below, which are a good basic set to use on a web server to enhance security.

    You should copy the entire text of these rules (or whichever rules you would like to activate) into your modsec2.user.conf configuration file, or the configuration file your mod_security installation has set up for user-configurable rules.

    If you do not have mod_security installed, it's very easy to configure with ConfigServer's free ModSecurity plugin for cPanel: http://configserver.com/cp/cmc.html

    Try the rules below, for example:

    SecRule ARGS {php} "severity:4,log,deny,id:6624001"
    SecRule ARGS eval "severity:4,log,deny,id:6624002"
    SecRule ARGS base64_decode "severity:4,log,deny,id:6624003"
    SecRule REQUEST_URI|ARGS|REQUEST_BODY "base64_decode" "severity:4,log,deny,msg:'Access Denied',id:'6624009'"
    SecRule REQUEST_URI|ARGS|REQUEST_BODY "eval" "severity:4,log,deny,msg:'Access Denied',id:'6624010'"
    SecRule REQUEST_URI|ARGS|REQUEST_BODY "{php}" "severity:4,log,deny,msg:'Access Denied',id:'6624011'"

    For the full ruleset, which is difficult to post due to its "explicit" content, and additional rules for securing against SQL injection attacks, check the updated mod_security rules in our knowledgebase.

    Of course, like I mentioned, every application has different web security needs. What do you think about mod_security's effectiveness and ease of use?
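To see what the posted rules actually do before copying them into modsec2.user.conf, the following added example (not part of the original post, and not ModSecurity's own engine) parses the SecRule syntax shown above and applies each pattern with Python's re module, which behaves like the default @rx operator for these simple patterns. The request samples and the tighter rule variant with ids 990001/990002 are constructed for this illustration; the posted rules are reproduced with the comma between msg and id that the post omits. It shows the fine-tuning point the post makes: a bare "eval" pattern also denies an ordinary search for "performance evaluation".

```python
"""Offline simulation of how the SecRule lines in the post are evaluated.

Added illustration, not ModSecurity itself and not code from the post: it
parses `SecRule VARIABLES PATTERN "actions"` lines and applies the patterns
with Python's re module (close enough to the default @rx operator here).
All request samples are constructed.
"""
import re
from dataclasses import dataclass

# Rules as posted, with the comma the post omits between msg:'...' and id:'...'.
POSTED_RULES = """
SecRule ARGS {php} "severity:4,log,deny,id:6624001"
SecRule ARGS eval "severity:4,log,deny,id:6624002"
SecRule ARGS base64_decode "severity:4,log,deny,id:6624003"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "base64_decode" "severity:4,log,deny,msg:'Access Denied',id:'6624009'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "eval" "severity:4,log,deny,msg:'Access Denied',id:'6624010'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "{php}" "severity:4,log,deny,msg:'Access Denied',id:'6624011'"
"""

# Tighter variant (constructed, placeholder ids): require the function-call
# shape so ordinary words such as "evaluation" no longer trip the rule.
TIGHTER_RULES = r"""
SecRule REQUEST_URI|ARGS|REQUEST_BODY "\beval\s*\(" "severity:4,log,deny,msg:'Access Denied',id:'990001'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "\bbase64_decode\s*\(" "severity:4,log,deny,msg:'Access Denied',id:'990002'"
"""

TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')          # quoted or bare token
ACTION = re.compile(r"([A-Za-z_]+)(?::('[^']*'|[^,]+))?")  # name[:value] list items


@dataclass
class Rule:
    rule_id: str
    variables: list
    pattern: re.Pattern
    actions: dict


def parse_rules(text):
    """Parse SecRule lines into Rule objects (default @rx operator only)."""
    rules = []
    for line in text.strip().splitlines():
        tokens = [m.group(1) if m.group(1) is not None else m.group(2)
                  for m in TOKEN.finditer(line)]
        if len(tokens) != 4 or tokens[0] != "SecRule":
            raise ValueError("unsupported rule line: " + line)
        variables = tokens[1].split("|")
        operator = tokens[2].replace('\\"', '"')
        if operator.startswith("@rx "):
            operator = operator[4:]
        elif operator.startswith("@"):
            raise ValueError("only the default @rx operator is simulated: " + line)
        actions = {}
        for name, value in ACTION.findall(tokens[3]):
            actions[name] = value.strip("'") if value else None
        rules.append(Rule(actions.get("id", "?"), variables, re.compile(operator), actions))
    return rules


def collection(request, variable):
    """Expand a ModSecurity variable into the strings a rule is matched against."""
    if variable == "REQUEST_URI":
        return [request["uri"]]
    if variable == "ARGS":            # every query/body parameter value
        return list(request.get("args", {}).values())
    if variable == "REQUEST_BODY":
        return [request.get("body", "")]
    raise ValueError("variable not simulated: " + variable)


def check_request(rules, request):
    """Return the id of the first matching rule that denies, or None if allowed."""
    for rule in rules:
        for variable in rule.variables:
            for value in collection(request, variable):
                if rule.pattern.search(value) and "deny" in rule.actions:
                    return rule.rule_id   # deny is disruptive: processing stops here
    return None


SAMPLES = {  # constructed requests
    "benign":         {"uri": "/index.php?page=home", "args": {"page": "home"}, "body": ""},
    "injected":       {"uri": "/index.php?page=base64_decode",
                       "args": {"page": "base64_decode"}, "body": ""},
    "false_positive": {"uri": "/search?q=performance+evaluation",
                       "args": {"q": "performance evaluation"}, "body": ""},
    "body_payload":   {"uri": "/submit", "args": {}, "body": "data={php}echo 1;"},
    "call":           {"uri": "/index.php?page=eval(base64_decode($x))",
                       "args": {"page": "eval(base64_decode($x))"}, "body": ""},
}


def main():
    posted, tighter = parse_rules(POSTED_RULES), parse_rules(TIGHTER_RULES)
    for name, request in SAMPLES.items():
        print(f"{name:16} posted={check_request(posted, request)}"
              f"  tighter={check_request(tighter, request)}")


if __name__ == "__main__":
    main()
```

Run it and compare the two columns: the posted rules deny the "false_positive" search via id 6624002 because "eval" is a substring of "evaluation", while the tighter variant lets it through and still denies the "call" sample. Note the trade-off in the other direction: a tighter pattern no longer matches a bare word such as "base64_decode" in the "injected" sample, which is why the post says every site needs its own tuning and why rules should be run in a log-only mode against real traffic before deny is switched on.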
#2 Contributing User (Devshed Newbie, Sweden, joined Feb 2012)


    ConfigServer's ModSec Control is definitely a powerful and easy tool and highly recommended for small hosting providers and resellers.
    Especially if you host multiple websites, you can manage different rules by users, domains or globally.
