How to Set Up ModSecurity with Apache on Debian/Ubuntu


The Apache web server is highly customizable and can be configured in many ways to suit your needs. There are many third-party modules that you can use to configure Apache to your preference.

ModSecurity is an open-source WAF (Web Application Firewall) native to the Apache web server. It was initially only an Apache module, but it has grown over the years into a full-fledged web application firewall. It is now supported by Nginx and even IIS.

ModSecurity inspects incoming requests to the web server against a predefined set of rules. Typically, it provides a set of rules known as the CRS (Core Rule Set) that protects a website from web application attacks such as SQL injection, XSS, and session hijacking, among other exploits.

The ModSecurity application firewall is an integral part of PCI DSS compliance in shielding sites from external attacks. When the module is enabled, a blocked request triggers a '403 Forbidden' error, which indicates that you do not have sufficient permission to access the resource on the web server.

In this guide, we will show you how to install and configure ModSecurity to work with Apache on Debian and Ubuntu Linux.

Step 1: Install ModSecurity on Ubuntu

The first step is to install ModSecurity. We will begin by refreshing the package lists as follows:

$ sudo apt update

Next, install the ModSecurity package along with its other dependencies and libraries.

$ sudo apt install libapache2-mod-security2

Afterward, enable the module.

$ sudo a2enmod security2

Then restart the Apache web server to apply the changes.

$ sudo systemctl restart apache2

At this point, ModSecurity is successfully installed. Let us now configure it.

Step 2: Configure ModSecurity on Ubuntu

By default, ModSecurity is only configured to detect and log suspicious activity. We need to go an extra step and configure it to not only detect but also block suspicious activity.

Copy the default ModSecurity configuration file, modsecurity.conf-recommended, to a new file as shown in the command below.

$ sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Using your preferred text editor, open the file:

$ sudo nano /etc/modsecurity/modsecurity.conf

Locate the line:

SecRuleEngine DetectionOnly

Set it to:

SecRuleEngine On

Save the changes and exit the file.

To apply the changes in Apache, restart the web server.

$ sudo systemctl restart apache2

Step 3: Download the OWASP ModSecurity Core Rule Set

The next step is to download the latest OWASP ModSecurity Core Rule Set (CRS) from the GitHub page.

Clone the OWASP git repository as shown.

$ git clone https://github.com/coreruleset/coreruleset.git

Navigate into the directory.

$ cd coreruleset/

Be sure to move the crs-setup.conf.example file to the modsecurity directory and rename it to crs-setup.conf.

$ sudo mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf

In addition, move the rules directory to the modsecurity directory as well.

$ sudo mv rules/ /etc/modsecurity/

Next, edit the security2.conf file.

$ sudo nano /etc/apache2/mods-enabled/security2.conf

Ensure that it contains the following lines.

IncludeOptional /etc/modsecurity/*.conf
Include /etc/modsecurity/rules/*.conf

Then restart Apache for the changes to persist.

$ sudo systemctl restart apache2
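
A static check of the files touched in Steps 2 and 3, as an added example that is not part of the original guide: it confirms that SecRuleEngine is On in modsecurity.conf, that crs-setup.conf and the rule files are in place, and that security2.conf includes both paths. The function names and the sample tree built by demo are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: static check of the files edited in Steps 2 and 3.
# Assumption: no other file (for example a virtual host) overrides SecRuleEngine.

# Print the value of the last uncommented SecRuleEngine directive in a file.
engine_mode() {
    awk '$1 == "SecRuleEngine" { mode = $2 } END { print mode }' "$1"
}

# Succeed if the file has an uncommented Include/IncludeOptional for the given path.
has_include() {
    awk -v want="$2" '
        ($1 == "Include" || $1 == "IncludeOptional") && $2 == want { found = 1 }
        END { exit !found }' "$1"
}

# check_modsec MODSEC_DIR SECURITY2_CONF: print each problem, return 0 only if none.
check_modsec() {
    dir=$1; sec2=$2; bad=0
    mode=$(engine_mode "$dir/modsecurity.conf" 2>/dev/null) || mode=
    [ "$mode" = "On" ] || { echo "FAIL SecRuleEngine is '${mode:-unset}', not On"; bad=1; }
    [ -f "$dir/crs-setup.conf" ] || { echo "FAIL $dir/crs-setup.conf is missing"; bad=1; }
    ls "$dir"/rules/*.conf >/dev/null 2>&1 || { echo "FAIL no rule files in $dir/rules"; bad=1; }
    for inc in "$dir/*.conf" "$dir/rules/*.conf"; do
        has_include "$sec2" "$inc" 2>/dev/null || { echo "FAIL $sec2 does not include $inc"; bad=1; }
    done
    [ "$bad" -eq 0 ] && echo "OK blocking mode, CRS files present and included"
    return "$bad"
}

# Constructed sample tree standing in for /etc/modsecurity and security2.conf.
demo() {
    t=$(mktemp -d); mkdir "$t/rules"
    printf 'SecRuleEngine DetectionOnly\n' > "$t/modsecurity.conf"
    : > "$t/crs-setup.conf"; : > "$t/rules/sample-rules.conf"
    printf 'IncludeOptional %s/*.conf\nInclude %s/rules/*.conf\n' "$t" "$t" > "$t/sec2"
    check_modsec "$t" "$t/sec2" && before=0 || before=1   # expected to fail
    sed -i.bak 's/^SecRuleEngine DetectionOnly/SecRuleEngine On/' "$t/modsecurity.conf"
    check_modsec "$t" "$t/sec2" && after=0 || after=1     # expected to pass
    rm -rf "$t"
    [ "$before" -eq 1 ] && [ "$after" -eq 0 ]
}
demo
```

On a real host, call check_modsec /etc/modsecurity /etc/apache2/mods-enabled/security2.conf after completing Step 3.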

Let us now test our ModSecurity configuration.

Step 4: Testing the ModSecurity Configuration on Ubuntu

Lastly, we need to test that ModSecurity can detect and block suspicious HTTP traffic. To achieve this, we need to edit the default virtual host file.

$ sudo nano /etc/apache2/sites-available/000-default.conf

Next, we will create a blocking rule that will block access to a certain URL when accessed by a web browser.

Append these lines at the end, before the closing 'VirtualHost' tag.

SecRuleEngine On
SecRule ARGS:testparam "@contains test" "id:254,deny,status:403,msg:'Test Successful'"

Feel free to set the 'id' and 'msg' tags to whatever values you prefer.

Then restart the Apache web server to apply the changes made to the virtual host configuration file.

$ sudo systemctl restart apache2

In your web browser, try to visit the URL shown with ?testparam=test at the end.

http://server-ip/?testparam=test

You get a '403 Forbidden' error, indicating that you have been blocked from accessing the resource.

You can further confirm that the client was blocked by checking the error logs as follows.

$ cat /var/log/apache2/error.log | grep "Test Successful"

This is confirmation that we have successfully set up ModSecurity to detect and block unwanted traffic. In this guide, we have walked you through the process of setting up ModSecurity with Apache on Debian/Ubuntu systems.