mod_security: what exactly does it block?
mod_security is one of the important security tweaks we apply when securing a server. It integrates with Apache to stop attackers from issuing commands to the server through vulnerable scripts and software packages installed on it. By default, mod_security blocks the following from being called from within a URL:
- wget
- lynx
- curl
- tar
- uname
- g
- gcc
- nmap
- .bash_history
- /etc/passwd
- /bin/ps
- /usr/bin/id
- /bin/kill
- /usr/bin/gcc
- /bin/mail
- /bin/ping
- /bin/ls
- lsof
- perl
- 0a.pl
- "img xsrc=javascript"
- /~nobody
- /~root
- /~ftp
- formmail.cgi
- formmail.pl
- formmail.php
- /modules/My_eGallery
- telnet.pl
- telnet.cgi
- shell.pl
- shell.cgi
- shell.php
Again, this list does not mean you cannot use features like "tar" in your programs. You just can't include "tar" in the URL bar.
To modify your mod_security configuration file, you would want to:
1. Log in to your server as root.
2. Open the file /usr/local/apache/conf/mod_security.conf
pico -w /usr/local/apache/conf/mod_security.conf
3. Search for any directive you might want to remove (such as "tar") and put a "#" at the start of the line. This comments the directive out, so the server ignores it. If you wish to add a directive, scroll to the bottom of the file and use:
SecFilter "phrasetoblock"
4. Save your changes and restart Apache.
service httpd restart
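Before commenting a directive out in step 3, it helps to know which line is actually matching a legitimate URL on your site. The script below is an added example, not part of the original article or of mod_security itself: it assumes each SecFilter phrase behaves as a case-insensitive regular expression searched anywhere in the request URL (an approximation of mod_security 1.x matching), and the function names, config text and URLs are constructed for illustration.

```python
import re

# Constructed sample in the style of mod_security.conf (not copied from a real server).
SAMPLE_CONF = """\
# SecFilter "lynx"
SecFilter "wget"
SecFilter "tar"
SecFilter /etc/passwd
"""

# An active directive: optional indentation, the SecFilter keyword, then a
# quoted or bare phrase. A line starting with '#' never matches, which is
# how step 3 above disables a rule.
DIRECTIVE = re.compile(r'^\s*SecFilter\s+(?:"([^"]*)"|(\S+))', re.IGNORECASE)


def active_filters(conf_text):
    """Return (line_number, phrase) for every SecFilter line that is not commented out."""
    found = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if match:
            quoted, bare = match.groups()
            found.append((number, quoted if quoted is not None else bare))
    return found


def blocking_directives(conf_text, url):
    """Return the active directives whose phrase occurs anywhere in the URL."""
    hits = []
    for number, phrase in active_filters(conf_text):
        try:
            matched = re.search(phrase, url, re.IGNORECASE) is not None
        except re.error:
            # Phrase is not a valid Python regex: fall back to a plain substring test.
            matched = phrase.lower() in url.lower()
        if matched:
            hits.append((number, phrase))
    return hits


if __name__ == "__main__":
    # Constructed URLs: the second one is an ordinary page caught by "tar".
    for url in ("/downloads/site.tar.gz", "/blog/getting-started",
                "/about/lynx-browser", "/view.php?file=/etc/passwd"):
        print(url, "->", blocking_directives(SAMPLE_CONF, url) or "not blocked")
```

To check a real server, read /usr/local/apache/conf/mod_security.conf into a string and pass it in place of SAMPLE_CONF; the reported line numbers are the ones to comment out or tighten.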