Gaiacom_LC
Member
We often have requests to configure the “best rules” for mod_security. Mod_security is a popular Apache plugin that serves as a Web Application Firewall, screening requests coming in to the webserver based on a set of configurable rules.
Because every website and application has slightly different circumstances, which will require some fine-tuning of the rules, there is no "best" ruleset. However, I want to share the rules below, which are a good basic set to use on a web server to enhance security.
You should copy the entire text of these rules (or whichever rules you would like to activate) into your-modsec2.user.conf-configuration file, or the configuration file your mod_security installation has setup for user-configurable rules.
If you do not have mod_security installed, it's very easy to configure with ConfigServer's free ModSecurity plugin for cPanel: http://configserver.com/cp/cmc.html
Try the rules below, for example:
Of course, like I mentioned, every application has different web security needs. What do you think about mod_security's effectiveness and ease of use?
Because every website and application has slightly different circumstances, which will require some fine-tuning of the rules, there is no "best" ruleset. However, I want to share the rules below, which are a good basic set to use on a web server to enhance security.
You should copy the entire text of these rules (or whichever rules you would like to activate) into your-modsec2.user.conf-configuration file, or the configuration file your mod_security installation has setup for user-configurable rules.
If you do not have mod_security installed, it's very easy to configure with ConfigServer's free ModSecurity plugin for cPanel: http://configserver.com/cp/cmc.html
Try the rules below, for example:
For the full ruleset, which is difficult to post due to its "explicit" content, and additional rules for securing against SQL injection attacks, check the updated mod_security rules in our knowledgebase.SecRule ARGS {php} "severity:4,log,deny,id:6624001"
SecRule ARGS eval "severity:4,log,deny,id:6624002"
SecRule ARGS base64_decode "severity:4,log,deny,id:6624003"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "base64_decode" "severity:4,log,deny,msg:'Access Denied'id:'6624009'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "eval" "severity:4,log,deny,msg:'Access Denied'id:'6624010'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "{php}" "severity:4,log,deny,msg:'Access Denied'id:'6624011'"
Of course, like I mentioned, every application has different web security needs. What do you think about mod_security's effectiveness and ease of use?