[mod-security-users] Need suggestion about SecFilter in mod_security2
Brought to you by:
victorhora,
zimmerletw
From: Chonanis K. <cho...@we...> - 2009-02-13 13:17:48
|
Hello, I'm new to mod_security, now using mod_security2 with apache 2.2. Now my server is facing some kind of attack, which of course I don't want it to happen. I've found some rules to prevent attack at http://forum.mamboserver.com/showthread.php?t=26406 . But it seems to be the rules of mod_security 1. The following is example of the rules in that link. # WEB-ATTACKS /bin/sh command attempt SecFilter "/bin/sh" # WEB-ATTACKS ps command attempt SecFilterSelective THE_REQUEST "/bin/ps" # WEB-ATTACKS /bin/ps command attempt # SecFilterSelective THE_REQUEST "ps\x20" # WEB-ATTACKS wget command attempt SecFilter "wget\x20" I wonder how can I change these rules to be able to use in mod_sercurity2? I searched around, and know that there is no SecFilter anymore in version 2, and it's changed to SecRule. But when I try changing all "SecFilter" into "SecRule", it still can't be used. Here is the error when I restart apache after editing the rule: Starting httpd: Syntax error on line 34 of /etc/httpd/modsecurity.d/ modsecurity_crs_35_bad_robots.conf: Invalid command 'SecFilter', perhaps misspelled or defined by a module not included in the server configuration The other question is, if I'd like to block some script name, for example check.cgi. Can I just write "SecRule check.cgi"? Or how should I do? Please suggest. Thank you, Chonanis |