
Securing Apache with mod_security on Ubuntu

Posted by Admin
Hello friends of IT Network System, this is the admin of IT Network System again; I hope you are all in good health. This time we will discuss how to secure Apache with mod_security. This article shows how to install and configure mod_security. mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications. It aims to protect web applications from unknown and unrecognized attacks, such as SQL injection attacks. In the first step we show how to install mod_security on Ubuntu, and in the second step we explain how to configure Apache for mod_security, which is independent of the distribution you use.
Here are the steps.

1. Installation

itns:~# apt-get install libapache2-mod-security
itns:~# a2enmod mod-security
itns:~# /etc/init.d/apache2 force-reload

2. Open /etc/httpd/conf.d/mod_security.conf to configure mod_security

itns:~# nano /etc/httpd/conf.d/mod_security.conf

# Example mod_security configuration

LoadModule security_module modules/mod_security.so

<IfModule mod_security.c>

    SecFilterEngine On

    # The audit engine works independently and
    # can be turned On or Off on the per-server or
    SecAuditEngine RelevantOnly

    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On

    # Unicode encoding check
    SecFilterCheckUnicodeEncoding On

    # Only allow bytes from this range
    SecFilterForceByteRange 1 255

    # Cookie format checks.
    SecFilterCheckCookieFormat On

    # The name of the audit log file
    SecAuditLog logs/audit_log

    # Should mod_security inspect POST payloads
    SecFilterScanPOST On

    # Default action set
    SecFilterDefaultAction "deny,log,status:406"

    # Simple example filter
    # SecFilter 111

    # Prevent path traversal (..) attacks
    # SecFilter "\.\./"

    # Weaker XSS protection but allows common HTML tags
    # SecFilter "<( |\n)*script"

    # Prevent XSS attacks (HTML/Javascript injection)
    # SecFilter "<(.|\n)+>"

    # Very crude filters to prevent SQL injection attacks
    # SecFilter "delete[[:space:]]+from"
    # SecFilter "insert[[:space:]]+into"
    # SecFilter "select.+from"

    # Require HTTP_USER_AGENT and HTTP_HOST headers
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Only accept request encodings we know how to handle
    # we exclude GET requests from this because some (automated)
    # clients supply "text/html" as Content-Type
    SecFilterSelective REQUEST_METHOD "!^GET$" chain
    SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"

    # Require Content-Length to be provided with
    SecFilterSelective REQUEST_METHOD "^POST$" chain
    SecFilterSelective HTTP_Content-Length "^$"

    # Don't accept transfer encodings we know we don't handle
    # (and you don't need it anyway)
    SecFilterSelective HTTP_Transfer-Encoding "!^$"

    # Some common application-related rules from
    # http://modsecrules.monkeydev.org/rules.php?safety=safe

    #Nuke Bookmarks XSS
    SecFilterSelective THE_REQUEST "/modules\.php\?name=Bookmarks\&file=(del_cat\&catname|del_mark\&markname|edit_cat\&catname|edit_cat\&catcomment|marks\&catname|uploadbookmarks\&category)=(<[[:space:]]*script|(http|https|ftp)\:/)"

    #Nuke Bookmarks Marks.php SQL Injection Vulnerability
    SecFilterSelective THE_REQUEST "modules\.php\?name=Bookmarks\&file=marks\&catname=.*\&category=.*/\*\*/(union|select|delete|insert)"

    #PHPNuke general XSS attempt
    #/modules.php?name=News&file=article&sid=1&optionbox=
    SecFilterSelective THE_REQUEST "/modules\.php\?*name=<[[:space:]]*script"

    # PHPNuke SQL injection attempt
    SecFilterSelective THE_REQUEST "/modules\.php\?*name=Search*instory="

    #phpnuke sql insertion
    SecFilterSelective THE_REQUEST "/modules\.php*name=Forums.*file=viewtopic*/forum=.*\'/"

    # WEB-PHP phpbb quick-reply.php arbitrary command attempt

    SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
    SecFilter "phpbb_root_path="

    #Topic Calendar Mod for phpBB Cross-Site Scripting Attack
    SecFilterSelective THE_REQUEST "/calendar_scheduler\.php\?start=(<[[:space:]]*script|(http|https|ftp)\:/)"


    #phpMyAdmin Export.PHP File Disclosure Vulnerability
    SecFilterSelective SCRIPT_FILENAME "export\.php$" chain
    SecFilterSelective ARG_what "\.\."

    #phpMyAdmin path vln
    SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc"

</IfModule>
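
The header rules in the configuration above (User-Agent and Host required, accepted request encodings, Content-Length on POST, no Transfer-Encoding) can be checked offline before they are enabled on a live site. The following is an added example, not part of the original article or of mod_security: a simplified Python model of how those SecFilterSelective chains evaluate, assuming an absent header is seen as an empty string and using Python's regex search in place of the module's matcher; the sample requests are constructed.

```python
import re

# Simplified model of the header rules in the configuration above: each inner
# list is one chain of (variables, pattern) links; a leading "!" inverts.
RULES = [
    [("HTTP_USER_AGENT|HTTP_HOST", "^$")],
    [("REQUEST_METHOD", "!^GET$"),
     ("HTTP_Content-Type",
      "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)")],
    [("REQUEST_METHOD", "^POST$"), ("HTTP_Content-Length", "^$")],
    [("HTTP_Transfer-Encoding", "!^$")],
]

def lookup(method, headers, name):
    """Resolve a variable; assumption: an absent header reads as ''."""
    if name == "REQUEST_METHOD":
        return method
    wanted = name[len("HTTP_"):].replace("_", "-").lower()
    return {k.lower(): v for k, v in headers.items()}.get(wanted, "")

def link_matches(method, headers, variables, pattern):
    """'A|B' matches if either variable does; '!' negates the regex result."""
    invert = pattern.startswith("!")
    regex = re.compile(pattern.lstrip("!"))
    return any((regex.search(lookup(method, headers, v)) is None) == invert
               for v in variables.split("|"))

def evaluate(method, headers):
    """Return 406 (the SecFilterDefaultAction status) if any chain matches."""
    return 406 if any(all(link_matches(method, headers, v, p) for v, p in c)
                      for c in RULES) else 200

# Constructed sample requests, not captured traffic.
BASE = {"Host": "example.test", "User-Agent": "demo/1.0"}
POSTED = {**BASE, "Content-Length": "7"}
FORM = "application/x-www-form-urlencoded"
SAMPLES = {
    "plain GET": ("GET", BASE),
    "GET, no User-Agent": ("GET", {"Host": "example.test"}),
    "form POST": ("POST", {**POSTED, "Content-Type": FORM}),
    "charset POST": ("POST", {**POSTED, "Content-Type": FORM + "; charset=UTF-8"}),
    "JSON POST": ("POST", {**POSTED, "Content-Type": "application/json"}),
    "form POST, no length": ("POST", {**BASE, "Content-Type": FORM}),
    "chunked GET": ("GET", {**BASE, "Transfer-Encoding": "chunked"}),
}

if __name__ == "__main__":
    for label, (method, headers) in SAMPLES.items():
        print(evaluate(method, headers), label)
```

In this model the form POST that carries a charset parameter and the JSON POST are both denied with 406, because the Content-Type pattern anchors the urlencoded type with `$`; check this against the applications behind the server before turning the rules on.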

Hopefully this helps everyone.
Thank you.
