Friday, February 12, 2021
Step 1. First, make sure that all your system packages are up-to-date by running these following apt commands in the terminal.
sudo apt update
sudo apt upgrade
Step 2. Installing ModSecurity Apache on Ubuntu 20.04.
Now we install the mod security package on the Ubuntu system using the following command:
sudo apt install libapache2-mod-security2
Restart apache service to take mod-security module into account:
sudo systemctl restart apache2
Step 3. Configuration of ModSecurity.
We’ve to start the configure of mod security. you can find the location at /etc/modsecurity:
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Next, download the OWASP ModSecurity CRS from Github:
cd ~
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
Then, move and rename crs-setup.conf.example to crs-setup.conf. Also, move rules/ directory as well:
cd ~/owasp-modsecurity-crs
sudo mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf
sudo mv rules/ /etc/modsecurity/
To get these rules working on Apache, you should edit the /etc/apache2/mods-available/security2.conf file:
[Read more…]
Open a terminal application or login to your server over the ssh session using ssh command. Open php.ini file using a text editor such as vim command or nano command:
$ sudo nano /etc/php.ini
Find disable_functions and set new list as follows:
# list of function to disable globally #
disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
I also recommend to disable allow_url_include and allow_url_fopen for security reasons:
allow_url_fopen=Off
allow_url_include=Off
open_basedir = /var/www:/var/..
Save and close the file. Restart
# service apache2 restart
Friday, December 4, 2020
what is .htaccess?
htaccess is a server configuration file which is use for Apache Web Server software. when a .htaccess place in a web directory then this .htaccess file loaded via Apache Web Server and follow .htaccess instructions. Apache web server works which command use on .htaccess file. .htaccess files provide a way to change web server configurations.
Custom Directory Index Files
DirectoryIndex index.php index.html index.htm
Prevent Directory Listing
Options -Indexes
Force www or non-www
You can specify your website www or non-www by using .htaccess www and non-www means when a user browse your website then which type of link will display in users browser.
www.example.com or example.com selct is yours. You can specify it using .htaccess
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
Custom Error Page
You can setup custom error pages for your website. If you not set custom error pages for your website then your website will display default error pages which are provided by your hosting service provider. but you can set custom error pages using a .htaccess file.
ErrorDocument 400 error/400-badrequest.php
ErrorDocument 401 error/401-authorizationrequired.php
ErrorDocument 404 error/404-notfound.php
ErrorDocument 403 error/403-forbidden.php
ErrorDocument 500 error/500-servererror.php
[Read more…]
# Enable rewrite engine
RewriteEngine On
# Block suspicious request methods
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ — [F,L]
# Block WP timthumb hack
RewriteCond %{REQUEST_URI} (timthumb.php|phpthumb.php|thumb.php|thumbs.php) [NC]
RewriteRule . — [S=1]
# Block suspicious user agents and requests
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|’|”|)|(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} ? HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} /* HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
# Block MySQL injections, RFI, base64, etc.
RewriteCond %{QUERY_STRING} [a-zA-Z0–9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0–9_]=(..//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0–9_]=/([a-z0–9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} =PHP[0–9a-f]{8}-[0–9a-f]{4}-[0–9a-f]{4}-[0–9a-f]{4}-[0–9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (../|..) [OR]
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} =|w| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*iframe.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*([^)]*) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0–9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} <em>REQUEST(=|[|%[0–9A-Z]{0,2}) [OR]
RewriteCond %{QUERY</em>STRING} ^.*([|]|(|)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (./|../|…/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127.0.0.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^(]*( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|’|”|)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ — [F,L]
.htaccess Code to Block SQL Injection Attacks in QUERY_STRING
##### Redirect If QUERY_STRING Has SQL Injection To Honeypot -- START
#QUERY_STRING contains everything in the URL after the "?" ex.) mydomain.com/test.php?test=test
#Excluded the commands like, version, update, insert, and set because they are common words and have caused false positives
RewriteCond %{QUERY_STRING} !^$
RewriteCond %{REQUEST_URI} !honeypot.php/
RewriteCond %{QUERY_STRING} union [NC,OR]
RewriteCond %{QUERY_STRING} select [NC,OR]
RewriteCond %{QUERY_STRING} cast [NC,OR]
RewriteCond %{QUERY_STRING} declare [NC,OR]
RewriteCond %{QUERY_STRING} drop [NC,OR]
RewriteCond %{QUERY_STRING} md5 [NC,OR]
RewriteCond %{QUERY_STRING} benchmark [NC,OR]
RewriteCond %{QUERY_STRING} table [NC,OR]
RewriteCond %{QUERY_STRING} column [NC,OR]
RewriteCond %{QUERY_STRING} distinct [NC,OR]
RewriteCond %{QUERY_STRING} substr [NC,OR]
RewriteCond %{QUERY_STRING} concat [NC,OR]
RewriteCond %{QUERY_STRING} schema [NC,OR]
RewriteCond %{QUERY_STRING} hex [NC,OR]
RewriteCond %{QUERY_STRING} truncate [NC,OR]
RewriteCond %{QUERY_STRING} convert [NC,OR]
RewriteCond %{QUERY_STRING} exec [NC,OR]
RewriteCond %{QUERY_STRING} passthru [NC,OR]
RewriteCond %{QUERY_STRING} system [NC,OR]
RewriteCond %{QUERY_STRING} popen [NC,OR]
RewriteCond %{QUERY_STRING} proc [NC,OR]
RewriteCond %{QUERY_STRING} load [NC,OR]
RewriteCond %{QUERY_STRING} between [NC,OR]
RewriteCond %{QUERY_STRING} null [NC,OR]
RewriteCond %{QUERY_STRING} delay [NC,OR]
RewriteCond %{QUERY_STRING} char [NC,OR]
RewriteCond %{QUERY_STRING} sleep [NC,OR]
RewriteCond %{ QUERY_STRING } schema [NC,OR]
RewriteCond %{QUERY_STRING} unhex [NC]
RewriteRule ^(.*)$ /honeypot.php/ [NC,L]
##### Redirect If QUERY_STRING Has SQL Injection To Honeypot -- END
[Read more…]
Step 1: Enable mod_rewrite
sudo a2enmod rewrite
You must restart Apache once you make any change to its configuration. To do this, type the command below on a terminal window:
sudo systemctl restart apache2
Your server is now ready to accept rewrite rules.
Step 2: Setup your server to accept .htaccess files
By default, Apache does not allow the use of ‘.htaccess’ file so you will need to edit the configuration of each website’s virtual host file by adding the following code:
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
[Read more…]
Friday, November 8, 2019
Every Linux System has three options to clear cache without interrupting any processes or services.
1. Clear PageCache only.
# sync; echo 1 > /proc/sys/vm/drop_caches
2. Clear dentries and inodes.
# sync; echo 2 > /proc/sys/vm/drop_caches
3. Clear PageCache, dentries and inodes.
# sync; echo 3 > /proc/sys/vm/drop_caches
[Read more…]
