forwarding to the correct list

---------- Forwarded Message ----------
Subject: [Fedora-sysadmin-list] Web Security
Date: Friday 21 November 2008
From: "Damian Myerscough" <damian.myerscough@xxxxxxxxx>
To: "Fedora Administration and Infrastructure project" <fedora-sysadmin-list@xxxxxxxxxx>

Hello All,

I have managed to get a bit of free time to create some simple rules for mod_security which would be suitable for the web servers which we are currently running. I have written some generic rules which should be compatible with all the web servers. However, we could write rules which are much stricter for the web applications that are hosted off the web servers.

Let me know what people think about the rules that I have attached.

Just a note, the final rule should point to maybe a security notice... it would currently just redirect users to fedoraproject.org.

--
Regards,
Damian Myerscough

-------------------------------------------------------
# Basic configuration options
# Note: SecFilter*, SecFilterScan* and SecFilterSelective are ModSecurity 1.x directives,
# while SecRuleEngine, SecRequestBodyAccess, SecDebugLog and the Sec*BodyLimit directives
# are 2.x; a single ModSecurity version will only load one of the two families.
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off

# Debug log
SecDebugLog /var/log/httpd/modsec_debug.log
SecDebugLogLevel 0

# Make sure URL Encoding/Decoding is valid
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding On

# Check POST payload
SecFilterScanPOST On

# Output filtering must be switched on (1.x) for the OUTPUT rule at the end to run
SecFilterScanOutput On

# Prevent XSS Attacks (any "<" followed by at least one character, in URI or body)
SecFilter "<(.|\n)+"

# Prevent SQL injection
SecFilter "(delete|insert)[[:space:]]+(from|into)"

# Prevent SSI Injection: SSI directives open with "<!--#"
# (matching a bare "#" as a separate alternative would block any request containing one)
SecFilter "\<\!--#"

# Filter out the keywords /bin, /etc and /usr
SecFilter "/bin"
SecFilter "/etc"
SecFilter "/usr"

# Maximum request body size we will accept for buffering
SecRequestBodyLimit 131072

# Store up to 128 KB in memory
SecRequestBodyInMemoryLimit 131072

# Buffer response bodies of up to 512 KB in length
SecResponseBodyLimit 524288

# Set Server Signature
SecServerSignature "Fedora Web Server"

# Inspect the output for keywords "Defaced, hacked/h4cked, own/0wn"
# Once a keyword has been detected then redirect them to somewhere and don't allow them to see the
# defacers message (stray "]" after "ck" removed from the pattern)
SecFilterSelective OUTPUT "(deface|h[a4]ck|[o0]wn\.)" deny,log,redirect:http://fedoraproject.org
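The same rule set written in ModSecurity 2.x SecRule syntax, added here as an illustration rather than taken from the attachment above; it turns on response body access so the defacement rule can actually inspect output, and keeps the request-side patterns as broad as the originals. The rule ids, audit log path, phase choices and the 403 status are assumptions, not values from the post.

```apache
# ModSecurity 2.x version of the rules above (illustration only; ids, log paths
# and phases are local choices, not from the original attachment)
SecRuleEngine On
SecRequestBodyAccess On
# The RESPONSE_BODY rule at the end cannot fire unless response bodies are read
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html
SecRequestBodyLimit 131072
SecRequestBodyInMemoryLimit 131072
SecResponseBodyLimit 524288
SecServerSignature "Fedora Web Server"
SecDebugLog /var/log/httpd/modsec_debug.log
SecDebugLogLevel 0
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log

# Default: block in the request-body phase so POST payloads are covered too
SecDefaultAction "phase:2,deny,log,status:403"

# Encoding checks (2.x operators replacing SecFilterCheckURLEncoding/UnicodeEncoding)
SecRule REQUEST_URI|ARGS|ARGS_NAMES "@validateUrlEncoding" \
    "id:900001,phase:2,msg:'Invalid URL encoding'"
SecRule REQUEST_URI|ARGS|ARGS_NAMES "@validateUtf8Encoding" \
    "id:900002,phase:2,msg:'Invalid UTF-8 encoding'"

# XSS: any tag opener in a parameter, as broad as the original SecFilter "<(.|\n)+"
SecRule ARGS|ARGS_NAMES "@rx <(.|\n)+" \
    "id:900003,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,msg:'Possible XSS'"

# SQL injection: DELETE FROM / INSERT INTO, case-insensitive thanks to t:lowercase
SecRule ARGS "@rx (delete|insert)[[:space:]]+(from|into)" \
    "id:900004,phase:2,t:none,t:urlDecodeUni,t:lowercase,msg:'Possible SQL injection'"

# SSI injection: match the directive opener "<!--#", not a bare "#"
SecRule ARGS|REQUEST_URI "@contains <!--#" \
    "id:900005,phase:2,t:none,t:urlDecodeUni,msg:'Possible SSI injection'"

# System path keywords; normalise the path first so "/etc/../etc" style input is caught
SecRule ARGS|REQUEST_URI "@pm /bin /etc /usr" \
    "id:900006,phase:2,t:none,t:urlDecodeUni,t:normalisePath,msg:'System path in request'"

# Defacement keywords in the response body: redirect instead of serving the page.
# deny and redirect are both disruptive actions and 2.x allows only one per rule,
# so this rule overrides the default deny with redirect.
SecRule RESPONSE_BODY "@rx (deface|h[a4]ck|[o0]wn\.)" \
    "id:900007,phase:4,t:none,t:lowercase,log,redirect:http://fedoraproject.org,msg:'Possible defacement'"
```

Every rule here fires in phase 2 or 4, so the request body must be buffered (SecRequestBodyAccess On) for the POST checks to see form data, exactly as the original's SecFilterScanPOST intended.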
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list