#41 (permalink), 01.05.08, 05:56 PM
whmci
Code:
####################################
# FRONTPAGE
####################################

SecFilter "_vti_bin" allow
SecFilterSelective THE_REQUEST "/fpsrvadm\.exe" pass
SecFilterSelective THE_REQUEST "/fpremadm\.exe" pass
SecFilterSelective THE_REQUEST "/admisapi/fpadmin\.htm" pass
SecFilterSelective THE_REQUEST "/scripts/Fpadmcgi\.exe" pass
SecFilterSelective THE_REQUEST "/_private/orders\.txt" pass
SecFilterSelective THE_REQUEST "/_private/form_results\.txt" pass
SecFilterSelective THE_REQUEST "/_private/registrations\.htm" pass
SecFilterSelective THE_REQUEST "/cfgwiz\.exe" pass
SecFilterSelective THE_REQUEST "/authors\.pwd" pass
SecFilterSelective THE_REQUEST "/_vti_bin/_vti_aut/author\.exe" pass
SecFilterSelective THE_REQUEST "/administrators\.pwd" pass
SecFilterSelective THE_REQUEST "/_private/form_results\.htm" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/access\.cnf" pass
SecFilterSelective THE_REQUEST "/_private/register\.txt" pass
SecFilterSelective THE_REQUEST "/_private/registrations\.txt" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/service\.cnf" pass
SecFilterSelective THE_REQUEST "/service\.pwd" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/service\.stp" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/services\.cnf" pass
SecFilterSelective THE_REQUEST "/_vti_bin/shtml\.exe" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/svcacl\.cnf" pass
SecFilterSelective THE_REQUEST "/users\.pwd" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/writeto\.cnf" pass
SecFilterSelective THE_REQUEST "/dvwssr\.dll" pass
SecFilterSelective THE_REQUEST "/_private/register\.htm" pass
SecFilterSelective THE_REQUEST "/_vti_bin/" pass
SecFilterSelective THE_REQUEST "/_vti_bin/vti_aut/author.exe" pass
SecFilterSelective THE_REQUEST "/_vti_bin/vti_aut/" pass


####################################
# WEB ATTACKS
####################################

# DISABLED - blocking many legit requests
# SecFilterSelective ARGS "bin/"
# SecFilter "\;id"
# SecFilter "tftp\x20"
# SecFilter "cc\x20"
# SecFilter "python\x20"
# SecFilter "nc\x20"
# SecFilter "rm\x20"

SecFilter "wget\x20"
SecFilter "uname\x20-a"
SecFilter "g\+\+\x20"
SecFilter "gcc\x20-o"
SecFilter "nmap\x20"
SecFilter "/etc/shadow"
SecFilter "/etc/passwd"

SecFilterSelective THE_REQUEST "/bin/ps"
SecFilterSelective THE_REQUEST "/usr/bin/id"
SecFilterSelective THE_REQUEST "/bin/kill"
SecFilterSelective THE_REQUEST "/usr/bin/gcc"
SecFilterSelective THE_REQUEST "/usr/bin/cc"
SecFilterSelective THE_REQUEST "/usr/bin/g\+\+"
SecFilterSelective THE_REQUEST "/bin/ping"
SecFilterSelective THE_REQUEST "/bin/mail"
SecFilterSelective THE_REQUEST "/bin/ls"

SecFilterSelective THE_REQUEST "lsof\x20" chain
SecFilterSelective !POST_PAYLOAD "lsof\x20"

SecFilterSelective THE_REQUEST "perl\x20" chain
SecFilterSelective !POST_PAYLOAD "perl\x20"

SecFilterSelective POST_PAYLOAD "Bcc:" chain
SecFilter "aol.com"
####################################
# GENERAL BAD STUFF
####################################

# *%0a.pl access
SecFilterSelective THE_REQUEST "/*\x0a\.pl"

# cross site scripting (img src=javascript) attempt
SecFilter "img src=javascript"


####################################
# SYSTEM FILE/COMMAND PROTECTION
####################################

SecFilterSelective ARGS "wget "
SecFilterSelective ARGS "lynx "
SecFilterSelective ARGS "curl "
# .bash_history access
SecFilterSelective THE_REQUEST "/\.bash_history"

# Apache Chunked-Encoding worm attempt
SecFilter "CCCCCCC\: AAAAAAAAAAAAAAAAAAA"


####################################
# SYSTEM USER PROTECTION
####################################

# /~nobody access
SecFilterSelective THE_REQUEST "/~nobody"

# /~root access
SecFilterSelective THE_REQUEST "/~root"

# /~ftp access
SecFilterSelective THE_REQUEST "/~ftp"


####################################
# INSTALLED SCRIPT SECURITY
####################################

# squirrel mail theme arbitrary command attempt
SecFilterSelective THE_REQUEST "/left_main\.php" chain
SecFilter "cmdd="
# PHP-Wiki cross site scripting attempt
SecFilterSelective THE_REQUEST "<script"

# PHPLIB remote command attempt
SecFilter "_PHPLIB\[libdir\]"

# formmail ban but allow modified cpanels formmail
SecFilter "/cgi-sys/formmail.cgi" allow
SecFilter "formmail.php$|formmail.php*/$"
SecFilter "formmail.cgi$|formmail.cgi*/$"
SecFilter "formmail.pl$|formmail.pl*/$"

# Gallery module of phpnuke is very vulnerable
SecFilter "/modules/My_eGallery/"

####################################
# PHPBB VULNERABILITY PATCH
####################################
SecFilterSelective QUERY_STRING|POST_PAYLOAD|ARGS "echr\("
SecFilterSelective "THE_REQUEST" "(system|exec|passthru|popen|shell_exec|proc_open|fopen|fwrite)\s*\("

SecFilter "system\(chr\(99\)"
SecFilter "perl\x20"
SecFilter "sh\x20-c"

SecFilterScanPOST On
####################################
# Email Injection Header fix
####################################
SecFilter "bcc:"
SecFilterSelective THE_REQUEST "bcc:|bcc%3A"
#########################
#Iframe
SecFilter "GET\x20http://"
SecFilter "includedir=http"
#########################
Friends, are these mod_sec settings good?
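One way to answer the question in the post is to replay benign and hostile requests against the patterns and count false positives and misses. The sketch below is an added example, not part of the original post and not mod_security code. It assumes Python's `re` approximates the filter engine, that input is URL-decoded and matched case-insensitively, and that `SecFilter` sees the request line plus the POST body; `RULES`, `SAMPLES`, `triggered`, `false_positives` and `missed` are hypothetical names.

```python
import re
from urllib.parse import unquote_plus

# Patterns copied from the posted rule set. "line" = checked against the request
# line only (SecFilterSelective THE_REQUEST); "any" = request line and POST body
# (SecFilter with SecFilterScanPOST On).
RULES = [
    ("wget",       "any",  r"wget\x20"),
    ("etc_passwd", "any",  r"/etc/passwd"),
    ("perl",       "any",  r"perl\x20"),
    ("bcc",        "any",  r"bcc:"),
    ("php_call",   "line",
     r"(system|exec|passthru|popen|shell_exec|proc_open|fopen|fwrite)\s*\("),
]

def triggered(request_line, body=""):
    """Return the names of the rules that would fire, in rule order."""
    # Assumption: the engine URL-decodes input and matches case-insensitively.
    line, payload = unquote_plus(request_line), unquote_plus(body)
    hits = []
    for name, scope, pattern in RULES:
        targets = [line] if scope == "line" else [line, payload]
        if any(re.search(pattern, t, re.IGNORECASE) for t in targets):
            hits.append(name)
    return hits

# Constructed sample requests: (request line, POST body, is it hostile?)
SAMPLES = [
    ("GET /index.php?page=about HTTP/1.1", "", False),
    ("GET /view.php?f=../../etc/passwd HTTP/1.1", "", True),
    ("GET /x.php?c=wget%20http://example.invalid/a HTTP/1.1", "", True),
    ("POST /forum/post.php HTTP/1.1",
     "msg=how+do+I+run+perl+script.pl+from+cron", False),
    ("POST /contact.php HTTP/1.1",
     "msg=please+use+Bcc:+for+the+newsletter", False),
]

def false_positives():
    """Request lines of benign samples that at least one rule would block."""
    return [l for l, b, bad in SAMPLES if not bad and triggered(l, b)]

def missed():
    """Request lines of hostile samples that no rule catches."""
    return [l for l, b, bad in SAMPLES if bad and not triggered(l, b)]

if __name__ == "__main__":
    for line, body, bad in SAMPLES:
        print("hostile" if bad else "benign ", triggered(line, body), line)
```

Both benign POST samples are blocked: the chained `perl\x20` rule earlier in the set references `!POST_PAYLOAD`, but the later plain `SecFilter "perl\x20"` and `SecFilter "bcc:"` carry no such exemption.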