It's me...Hidayah

Protection Level Application (Mod Security).... 09/04/08 - 16/04/08

Protection at the server level -> running services:
-apache (web server)
-httpd
-sshd
-vsftpd
-samba
-mail (POP/SMTP)
-nfs

*Mod Security is needed - it filters at the URL

Configure
Software needs:
- Apache server (Apache HTTP Server 2.2)
- Mod Security (mod_security-2.5.2-win32)
- Visual C++ 2008 Redistributable Package (vcredist_x86)
- Crimson Editor (cedt370r)

Steps to configure:

Install:
- Create .../apache2/modules/mod_security2 and copy mod_security2.so and libxml2.dll to this folder
- Install the Visual C++ 2008 Redistributable Package

Add to your httpd.conf: open Apache HTTP Server 2.2 – configure apache server – edit httpd.conf

Edit: open with Crimson Editor
- Copy and paste:
LoadModule security2_module modules/mod_security2/mod_security2.so
- Enable the module unique_id by uncommenting:
LoadModule unique_id_module modules/mod_unique_id.so

Modified: add index.php to DirectoryIndex:
DirectoryIndex index.html index.php

A very quick start: copy and paste

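# Turn on rule processing
SecRuleEngine On
# Default actions for every rule; the list must be a single argument (quoted, no spaces)
SecDefaultAction "log,auditlog,deny,status:403,phase:2,t:lowercase,t:replaceNulls,t:compressWhitespace"
# Audit-log only the relevant transactions, in one serial log file
SecAuditEngine RelevantOnly
SecAuditLogType Serial
SecAuditLog logs/mod_security2.log

## -- General rules --------------------
# Drive-letter paths and directory traversal in any request argument
SecRule ARGS "c:/" t:normalisePathWin
SecRule ARGS "\.\./" t:normalisePathWin
SecRule ARGS "d:/" t:normalisePathWin

## -- phpBB attack --------------------
# Quote character in the highlight parameter, plain or URL-encoded
SecRule ARGS:highlight "(\x27|%27|\x2527|%2527)"

## -- SQL injection attack -------------------
# Test rule: the pattern is a regular expression matched against argument values (ARGS), not against the URL
SecRule ARGS "index.php?username=shaf"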

Open the page on Apache 2.2:
http://localhost/
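
The quick-start rules above, modelled in Python as an added example (not code from these notes or from ModSecurity): it applies the default transformations plus t:normalisePathWin to URL-decoded arguments and reports which rule would deny each constructed sample query string. The transformation functions are simplified stand-ins (normalise_path_win models only backslash conversion and duplicate-slash collapse), and the highlight pattern is written with | between its four encodings.

```python
import re
from urllib.parse import parse_qsl

# Simplified stand-ins for the ModSecurity transformations named in the rules.
def lowercase(v): return v.lower()
def replace_nulls(v): return v.replace("\x00", " ")
def compress_whitespace(v): return re.sub(r"[ \t\n\r\f\v\xa0]+", " ", v)
def normalise_path_win(v):
    # Assumption: only backslash conversion and duplicate-slash collapse are modelled.
    return re.sub(r"/+", "/", v.replace("\\", "/"))

DEFAULT_T = [lowercase, replace_nulls, compress_whitespace]  # from SecDefaultAction

# (label, argument name or None for all ARGS, pattern, extra transformations)
RULES = [
    ("drive c", None, r"c:/", [normalise_path_win]),
    ("traversal", None, r"\.\./", [normalise_path_win]),
    ("drive d", None, r"d:/", [normalise_path_win]),
    ("phpbb highlight", "highlight", r"(\x27|%27|\x2527|%2527)", []),
]

def evaluate(query_string):
    """Return (status, label) for a raw query string: 403 on first match, else 200."""
    # parse_qsl URL-decodes once, as the server does before ARGS is inspected.
    args = parse_qsl(query_string, keep_blank_values=True)
    for label, target, pattern, extra in RULES:
        for name, value in args:
            if target is not None and name != target:
                continue
            for t in DEFAULT_T + extra:
                value = t(value)
            if re.search(pattern, value):
                return 403, label
    return 200, None

# Constructed sample requests (query strings only).
SAMPLES = [
    "file=C:%5Cboot.ini",
    "page=..%5C..%5Cconf%5Chttpd.conf",
    "highlight=%2527",
    "highlight=%27",
    "q=o%27brien",
    "username=shaf",
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(qs, "->", evaluate(qs))
```

The last two samples pass: the highlight rule is scoped to one parameter, and an argument value of "shaf" never contains the string used in the SQL injection test rule.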