安装mod_security加强apache2安全防sql 注入
安装modsecurity(mod_security 可以加强apache的安全性特别是在防sql 注入上有很好的效果。):
# tar zxvf
modsecurity-apache-1.9.tar.gz
# cd modsecurity-apache-1.9/apache2/
# /apache2/bin/apxs -cia mod_security.c
打开httpd.conf加入
查看是否有
LoadModule security_module modules/mod_security.so
如没有则加上去
添加一段mod_security的配置文件
<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding
On
SecFilterDefaultAction "deny,log,status:500"
#SecFilterForceByteRange
32 126
#SecFilterScanPOST On
SecAuditLog
logs/audit_log
###
SecFilter "\.\./"
#####
SecFilter
/etc/*passwd
SecFilter /bin/*sh
#for css attack
SecFilter "<( |
)*script"
SecFilter "<(.| )+>"
#for sql attack
SecFilter "delete[
]+from"
SecFilter "insert[ ]+into"
SecFilter "select.+from"
SecFilter
"union[ ]+from"
SecFilter "drop[ ]"
</IfModule>
# tar zxvf
modsecurity-apache-1.9.tar.gz
# cd modsecurity-apache-1.9/apache2/
# /apache2/bin/apxs -cia mod_security.c
打开httpd.conf加入
查看是否有
LoadModule security_module modules/mod_security.so
如没有则加上去
添加一段mod_security的配置文件
<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding
On
SecFilterDefaultAction "deny,log,status:500"
#SecFilterForceByteRange
32 126
#SecFilterScanPOST On
SecAuditLog
logs/audit_log
###
SecFilter "\.\./"
#####
SecFilter
/etc/*passwd
SecFilter /bin/*sh
#for css attack
SecFilter "<( |
)*script"
SecFilter "<(.| )+>"
#for sql attack
SecFilter "delete[
]+from"
SecFilter "insert[ ]+into"
SecFilter "select.+from"
SecFilter
"union[ ]+from"
SecFilter "drop[ ]"
</IfModule>