mod-security-users

[mod-security-users] Mod Security issue

[Yair <hac...@gm...>]

Hi!

I'm using FC2 (apache 1.3) with mod_security, I wanted to ask if there is a
way to "block" words via mod_security.

For example:

If somebody make a post with a board that is hosted on my server with the
word "wget" or "su root" then it will redirect the page to abuse.*my
domain*.com (but for every site, html / php ).

 

Thanks, Yair

 

Re: [mod-security-users] Mod Security issue

[Ivan R. <iv...@we...>]

Yair wrote:
> Hi!
> 
> I'm using FC2 (apache 1.3) with mod_security, I wanted to ask if there 
> is a way to "block" words via mod_security.

   Yes, there is. You'll find more information in the manual. Also,
   you can look at the example rules distributed with mod_security,
   the converted Snort rules, or the rules available elsewhere:

   http://www.gotroot.com/mod_security+rules
   http://www.infiltrated.net/modsecrules

   mod_security rule generator:
   http://leavesrustle.com/tools/modsecurity/


> For example:
> 
> If somebody make a post with a board that is hosted on my server with 
> the word "wget" or "su root" then it will redirect the page to abuse.*my 
> domain*.com (but for every site, html / php ).

   Sure, but FYI if you are running a forum of some kind it is usually
   difficult to distinguish such attacks from people discussing Unix
   tools.

-- 
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org