Re: [mod-security-users] blocking php uploads
Brought to you by:
victorhora,
zimmerletw
From: Clayton D. <cla...@gm...> - 2008-03-24 15:48:31
|
Ryan, Thanks and this is working as expected (though your reminder is accurate about crafty attackers) for PHP files. I'm wondering if I can specify a list of file names on the line below that should not be allowed. SecRule FILES "\.php$" log,deny,status:403,phase:2 Thanks! Clay On Fri, 2008-02-15 at 16:44 -0500, Ryan Barnett wrote: > Hello Clayton and welcome to the list J Yes, ModSecurity can help > you. The Core Rules > (http://www.modsecurity.org/projects/rules/index.html) has rules that > will help to protect against SQL Injection attacks and also when > clients try to access Trojan/backdoor web pages that may have been > uploaded through a non-HTTP interface. As for preventing PHP file > uploads, you may be able to use the example rule shown here > (http://www.modsecurity.org/documentation/modsecurity-apache/2.5.0-rc4/modsecurity2-apache-reference.html#N10B39) by inspecting the FILES variable data to try and prevent the “.php” extension as this would be the uploaded filename. Keep in mind, however that this is prone to evasions by a crafty attacker. > > > > Hope this helps. > > > > > -- > Ryan C. Barnett > ModSecurity Community Manager > > Breach Security: Director of Training > > Web Application Security Consortium (WASC) Member > > CIS Apache Benchmark Project Lead > > SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC > > Author: Preventing Web Attacks with Apache > > > > > > > > ______________________________________________________________________ > > From:mod...@li... > [mailto:mod...@li...] On Behalf Of > Clayton Dillard > Sent: Friday, February 15, 2008 4:41 PM > To: mod...@li... > Subject: [mod-security-users] blocking php uploads > > > > > > Folks, > I'm new to this list and I'm researching mod_security. So far it > seems like a very good tool. At my company, we host shared SugarCRM > instances for our customers. Thus, we would need to know if > mod_security can be configured so that it provides a strong level of > defense against common PHP, SQL-injection, and Apache attacks. One > thing we want to do is to prevent anyone from uploading php files (or > any executable code for that matter). Can mod_security do this? > > Best regards, > > > > Clayton Taylor Dillard > > http://hspcd.blogspot.com/ > > > > > > Clayton Taylor Dillard http://hspcd.blogspot.com/ |