<![CDATA[沧海一粟]]> http://www.dzhope.com/index.php zh-cn http://www.dzhope.com/post// <![CDATA[安装mod_security加强apache2安全防sql 注入]]> jed <jed521@163.com> Sun, 16 Jan 2011 07:42:47 +0000 http://www.dzhope.com/post//

# tar zxvf
modsecurity-apache-1.9.tar.gz
# cd modsecurity-apache-1.9/apache2/
# /apache2/bin/apxs -cia mod_security.c


打开httpd.conf加入
查看是否有
LoadModule security_module    modules/mod_security.so
如没有则加上去

添加一段mod_security的配置文件

<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding
On
SecFilterDefaultAction "deny,log,status:500"
#SecFilterForceByteRange
32 126
#SecFilterScanPOST On
SecAuditLog
logs/audit_log
###
SecFilter "\.\./"
#####
SecFilter
/etc/*passwd
SecFilter /bin/*sh

#for css attack
SecFilter "<( |
)*script"
SecFilter "<(.| )+>"
#for sql attack
SecFilter "delete[
]+from"
SecFilter "insert[ ]+into"
SecFilter "select.+from"
SecFilter
"union[ ]+from"
SecFilter "drop[ ]"
</IfModule>


Tags - , ]]> http://www.dzhope.com/post//#blogcomment <![CDATA[[评论] 安装mod_security加强apache2安全防sql 注入]]> <user@domain.com> Thu, 01 Jan 1970 00:00:00 +0000 http://www.dzhope.com/post//#blogcomment