A Good mod_security ruleset

 
  • Earl
  • Member
  • Members
  • Join Date: 30-Oct 07
  • 44 posts

Posted 19 February 2008 - 01:18 AM #1

Hi All,
I am looking for a good mod_security ruleset for my site that does not conflict with my version of Cs-Cart. Any suggestions or recommendations?
Earl
Cs-Cart 1.3.5 sp2 | Linux VPS Hosting | MySql 5.0.27 | PHP 5.2.6

 
  • Earl
  • Member
  • Members
  • Join Date: 30-Oct 07
  • 44 posts

Posted 19 February 2008 - 01:30 AM #2

I forgot to give my Apache version, which is 2, soon to be upgraded to 2.2, using CSF/LFD.
Earl
Cs-Cart 1.3.5 sp2 | Linux VPS Hosting | MySql 5.0.27 | PHP 5.2.6

 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 19 February 2008 - 03:01 AM #3

mod_security rules are very server specific and dependent on the processes and applications running on it.

I suggest obtaining the rulesets from http://www.gotroot.com and tailoring them to your needs. This will take a lot of trial & error until you get a startable Apache and stable results.

2.x Rule Files broken out individually:
  • Web Application protection rules
  • Just In Time Patching rule for Vulnerable Applications
  • Bad UserAgents blocking rules
  • Comment spam blacklist
  • Compromised/Hacker boxes blacklist
  • Additional Apache 2.x rules
  • Signatures to block known rootkits, worms, etc.
  • Exclusions for the Rules
  • "Google Hacks" signatures


It's best to include these as separate files instead of massed together as one for easier maintenance.

Similar to this inside modsec2.conf:
Include /usr/local/apache/conf/modsecrules/exclude.conf
Include /usr/local/apache/conf/modsecrules/rootkits.conf
Include /usr/local/apache/conf/modsecrules/recons.conf
Include /usr/local/apache/conf/modsecrules/useragents.conf
Include /usr/local/apache/conf/modsecrules/rules.conf
Include /usr/local/apache/conf/modsec2.hm.conf

Once you get a stable set for your needs, keep a close eye on your audit and error logs for a while to find the remaining buggy ones.
Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]
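
One way to do the log review described in the post above, as an added example that is not part of the original post: it tallies ModSecurity 2.x entries from the Apache error log by rule id and URI, so a rule that blocks many different visitors on the same cart page stands out as a candidate for tuning. The log lines, rule ids and addresses are constructed sample data, and ranking by distinct clients is an assumption of this example, not a gotroot or ModSecurity feature.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [id "900001"], [uri "/x"], ...
CLIENT = re.compile(r'\[client ([^\]]+)\]')

def parse_line(line):
    """Return the tagged fields of one ModSecurity error_log entry, or None."""
    if "ModSecurity:" not in line:
        return None                      # ordinary Apache error, not a rule hit
    fields = dict(FIELD.findall(line))
    client = CLIENT.search(line)
    fields["client"] = client.group(1) if client else "unknown"
    return fields

def summarize(lines):
    """Group hits by (rule id, URI); sort by distinct clients, then by hits."""
    groups = defaultdict(lambda: {"hits": 0, "clients": set(), "file": ""})
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue
        g = groups[(f.get("id", "no-id"), f.get("uri", "?"))]
        g["hits"] += 1
        g["clients"].add(f["client"])
        g["file"] = f.get("file", "?")   # which included rule file to edit
    rows = [(rid, uri, g["hits"], len(g["clients"]), g["file"])
            for (rid, uri), g in groups.items()]
    return sorted(rows, key=lambda r: (-r[3], -r[2], r[0]))

def sample_hit(ip, rid, uri, conf):
    # Builds one constructed log line; every value here is invented sample data.
    return ('[Tue Feb 19 03:10:00 2008] [error] [client %s] ModSecurity: Access denied '
            'with code 403 (phase 2). Pattern match "select.+from" at ARGS:q. '
            '[file "/usr/local/apache/conf/modsecrules/%s"] [line "12"] [id "%s"] '
            '[msg "constructed \\"sample\\" rule"] [hostname "shop.example"] [uri "%s"]'
            % (ip, conf, rid, uri))

SAMPLE_LOG = [
    sample_hit("192.0.2.10", "900001", "/index.php", "rules.conf"),
    sample_hit("192.0.2.11", "900001", "/index.php", "rules.conf"),
    sample_hit("192.0.2.12", "900001", "/index.php", "rules.conf"),
    sample_hit("198.51.100.7", "900002", "/admin.php", "rootkits.conf"),
    sample_hit("198.51.100.7", "900002", "/admin.php", "rootkits.conf"),
    "[Tue Feb 19 03:11:00 2008] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico",
]

if __name__ == "__main__":
    for rid, uri, hits, clients, conf in summarize(SAMPLE_LOG):
        print("id=%s uri=%s hits=%d clients=%d file=%s" % (rid, uri, hits, clients, conf))
```

To use it on a real server, pass the lines of the Apache error log to `summarize()` in place of `SAMPLE_LOG`; the `file` column shows which included rule file holds the rule to adjust.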

 
  • Earl
  • Member
  • Members
  • Join Date: 30-Oct 07
  • 44 posts

Posted 19 February 2008 - 10:14 AM #4

Thanks S-Combs, I will try these in the coming weeks.
Earl
Cs-Cart 1.3.5 sp2 | Linux VPS Hosting | MySql 5.0.27 | PHP 5.2.6