modsecurity handbook

. Solutions 1. Never trust user input fields. All user input should be considered untrusted and potentially malicious. Untrusted input processes of applications may become vulnerable to buffer overflow attacks, SQL injection, OS command injection, denial of service, and email injection. 2. Use regular expressions to filter data submitted by users. For example, we can search (r or n) in the input string ). 3. Use external components and libraries to prevent such problems as ZEND mail, PEAR mail,

server. Check the log, which is displayed in the/usr/local/Apache/logs/directory of the server.A file like DOS-192.168.1.94 is generated [dos and IP addresses are generally used], which is as follows:Ls/usr/local/Apache/logs/DOS-192.168.1.101 DOS-192.168.1.104One more log is displayed:DOS-192.168.1.104Let's look at it again:The logs in tail-F/usr/local/apache2/logs/error_log are as follows: [Note: the error log is in apache2/logs and in apache2]Bogon:/usr/local/Apache/logs # tail/usr/local/apac

Module: mod_evasiveRole: Prevent DDOS attacksIntroduction: The predecessor of the mod_evasive module is mod_dosevasive.Download: http://www.nuclearelephant.com/projects/mod_evasive Install# Tar zxvf mod_evasive_1.10.1.tar.gz# Cd mod_evasive_1.10.1#/Usr/local/apache/bin/apxs-I-a-c mod_evasive20.c Open the httpd. conf fileCheck whetherLoadModule evasive20_module modules/mod_evasive+soIf not, add it. And add it to httpd. conf.#################################DOSHashTableSize 3097DOSPageCount 2DOSSi

System version: Red Hat 6HTTPD version: httpd-2.4.20Tar package: modsecurity-apache_2.5.9.tar.gz mod_evasive_1.10.1.tar.gzAbout apxs:http://itlab.idcquan.com/linux/manual/apachemanual/programs/apxs.html Installation of the Mod_evasive module# Tar XF mod_evasive_1.10.1.tar.gz# cd mod_evasive# lschangelog mod_evasive20.c mod_evasive20.o Mod_evasiveNSAPI . clicense mod_evasive20.la mod_evasive20.slo readmemakefile.tmpl mod_evasive20.lo mod_evasive.

] 4095#0: *65240 limiting requests, excess: 5.772 by zone "one", client: 10.11.15.161, server: , request: "GET /i.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1", host: "10.11.15.174", referrer: "http://10.11.15.174/i.php"Five. Some other anti-CC methods1.Nginx modules modsecurity, Http_guard, Ngx_lua_waf Modsecurity Application layer WAF, powerful, defense-rich attack, configuration complex

An error occurred in apache under fedora7. Solution to code 400: Linux Enterprise Application-Linux server application information. For details, refer to the following section. Problem: If you enter 127.0.0.1 or the Host IP address in the browser, the following error occurs: /**********/ Bad Request Your browser sent a request that this server cocould not understand. Apache/2.2.0 (Fedora) Server at 127.0.0.1 Port 80 /*********/ If http: // host name/is opened in the browser on the host, the

How to Use ssdeep to detect webshell In the latest version of ModSecurity, The ssdeep webshell detection interface is added, and the client security (game Security) is suddenly recalled) I bought a book about malware analysis know-how and toolbox-techniques and tools against "rogue" software. this book mentions the use of ssdeep to find malware (webshell is a type of malware, and the security field is interconnected). This article describes how to us

/naxsi-tutorial-1/Defense MechanismNaxsi's main protection mechanism is to implement threat blocking through a built-in set of extremely strict core rules, and to prevent normal requests from being killed by a user-defined whitelist (white list), through continuous optimization of both sides, To achieve a balance between security protection and business access.modsecurity Module Module IntroductionIn favor of filtering and blocking web dangers, the strong rule is that OWASP provides rules that a

, without the user's knowledge, to forge the request as a user. The core is the use of browser cookies or server session policy to steal user identities .Form TokeCSRF is an action that forges a user request, so all the parameters requested by the user need to be constructed, and the form token organizes the attacker to get all the request parameters by adding a random number to the request parameter.Verification CodeSimpler and more efficient, that is, when a request is submitted, the user is r

corresponding to 'A' MOD '1' is 0 MOD 1 = 0, and the user's corresponding value is 0. (4) enter the user name '-"# "-" The corresponding value is 0-0 = 0, and the user's corresponding value is 0. Bit operators , |, ^, (5) enter the user name '/'1 ′# "/The value corresponding to '1' is 0/1 = 0, and the user's corresponding value is 0. Bit operators , |, ^, (6) enter the username a' 'B '# The value corresponding to 'A' 'B' is 0 0 = 0, and the user's corresponding value is 0. For th

/ Install# Tar zxvf modsecurity-apache-1.9.tar.gz# Cd modsecurity-apache-1.9/apache2/#/Apache2/bin/apxs-CIA mod_security.c Open the httpd. conf fileCheck whetherLoadmodule security_module modules/mod_security.soIf not, add it. And add it to httpd. conf.################################# Secfilterengine onSecfiltercheckurlencoding onSecfilterdefaultaction "Deny, log, status: 500"# Secfilterforcebyterange 32 1

, without the user's knowledge, to forge the request as a user. The core is the use of browser cookies or server session policy to steal user identities .Form TokeCSRF is an action that forges a user request, so all the parameters requested by the user need to be constructed, and the form token organizes the attacker to get all the request parameters by adding a random number to the request parameter.Verification CodeSimpler and more efficient, that is, when a request is submitted, the user is r

spoofed by the attacker without the user's knowledge of the request.Referer CheckThe source of the request is recorded in the Referer domain of the HTTP request header, which can be verified by checking the request source to verify that it is legitimate, and can also be exploited to break through the chain of intrusion.4. Web Application FirewallModsecurity is an open-source Web application firewall that detects attacks and protects Web applications, either embedded in a Web application server

LinuxBooks:Penetration Test Books:The Art of exploitation by Jon Erickson, 2008Metasploit:the penetration tester #039; s Guide by David Kennedy and others, 2011Penetration testing:a hands-on Introduction to Hacking by Georgia Weidman, 2014rtfm:red Team Field Manual by Ben Clark, 2014The Hacker Playbook by Peter Kim, 2014The Basics of Hacking and penetration testing by Patrick Engebretson, 2013Professional Penetration Testing by Thomas Wilhelm, 2013Advanced Penetration testing for highly-secured

Playing FreeBSD discovery is really tiring. I believe that the following questions are the first time to play FreeBSD have encountered: Installation system By default only text mode, need to manually install Gnome,kde and other desktop environment. FreeBSD installs, upgrades the software two ways: ports,pkg, how to use? How virtual machines Install the VMware Tools Enhanced experience FreeBSD provides DVD image, how to install software directly from the mirror, to avoid the

similar to this position: "/home/jaceju/public_html/". 　　 Download the latest Smarty kit from the official website of Smarty: Http://smarty.php.net. 　　 After unlocking Smarty 2.6.0, you will see a lot of files, including a Libs folder. There should be 3 class.php + 1 DEBUG.TPL + 1 plugin folders + 1 Core folders in Libs. Then directly copy the Libs to your program Master folder, and then rename it to class. That's it? That's right! This installation method is relatively simple, suitable for use

Introduction Weibo designers know that there is an internal tool that can help build prototypes quickly, and we call them "WDL", the initials of the Weibo Design Library, the English name of the micro-blog. by February 28, 2011 WDL formally released the internal version, open browsing, our designers, as well as product managers have been using it, and actively focus on and support the WDL of each component Update and version upgrade. Our official definition of WDL is: "WDL is a code base for

Article Description: uncover the wdl-of the micro-blog interaction norms of the growth process. Introduction Weibo designers know that there is an internal tool that can help build prototypes quickly, and we call them "WDL", the initials of the Weibo Design Library, the English name of the micro-blog. by February 28, 2011 WDL formally released the internal version, open browsing, our designers, as well as product managers have been using it, and actively focus on and support the WDL