Last time I installed ModSecurity 2.x. It ran fine, but WordPress did not work properly, for example when adding a new post. This time I installed ModSecurity 3.x, and WordPress works normally.
For the installation method, see the official site: https://github.com/SpiderLabs/ModSecurity
Install the dependency packages
# autoreconf and autoheader are provided by the autoconf package, so they are not listed separately
sudo yum -y install gcc gcc-c++ make httpd-devel libxml2 libxml2-devel pcre pcre-devel curl curl-devel libcurl libcurl-devel flex bison yajl yajl-devel GeoIP-devel doxygen zlib-devel libtool automake autoconf
# Updated 2024.08.26 (for CentOS Stream 8)
sudo yum install gcc gcc-c++ flex bison yajl lmdb lua curl-devel curl GeoIP-devel zlib-devel pcre-devel pcre2-devel libxml2-devel ssdeep-devel libtool autoconf automake make redhat-rpm-config httpd-devel
Download ModSecurity
git clone https://github.com/SpiderLabs/ModSecurity
cd ModSecurity
git checkout -b v3/master origin/v3/master
sh build.sh
git submodule init
git submodule update
Install ModSecurity
# skip this cd if you are still inside the ModSecurity source directory
cd ModSecurity
./configure
sudo make
sudo make install
Copy the files
# Copy the files to the /etc/httpd/conf.d/modsecurity.d/ directory
sudo mkdir /etc/httpd/conf.d/modsecurity.d
sudo cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.d/modsecurity.conf
sudo cp unicode.mapping /etc/httpd/conf.d/modsecurity.d/
Install ModSecurity-apache
git clone https://github.com/SpiderLabs/ModSecurity-apache
cd ModSecurity-apache
./autogen.sh
./configure --with-libmodsecurity=/usr/local/modsecurity/
make
sudo make install
Edit /etc/httpd/conf/httpd.conf
sudo vi /etc/httpd/conf/httpd.conf
Add the following line to httpd.conf
LoadModule security3_module modules/mod_security3.so
Install the OWASP (Open Web Application Security Project) rule set
cd /etc/httpd/conf.d/modsecurity.d
sudo git clone https://github.com/coreruleset/coreruleset.git
cd coreruleset
# the clone was made with sudo, so the checkout also needs sudo
sudo git checkout -b v3.3/master origin/v3.3/master
sudo cp crs-setup.conf.example modsecurity_crs_10_config.conf
Create /etc/httpd/modsecurity_rules.conf
Write the following lines to /etc/httpd/modsecurity_rules.conf
Include /etc/httpd/conf.d/modsecurity.d/modsecurity.conf
Include /etc/httpd/conf.d/modsecurity.d/coreruleset/modsecurity_crs_10_config.conf
Include /etc/httpd/conf.d/modsecurity.d/coreruleset/rules/*.conf
Edit /etc/httpd/conf.d/modsecurity.d/modsecurity.conf
sudo vi /etc/httpd/conf.d/modsecurity.d/modsecurity.conf
a. Detection mode and enabling the engine
#SecRuleEngine DetectionOnly
SecRuleEngine On
b. Change the log location
SecAuditLog /var/log/modsecurity/modsec_audit.log
Note: this directory must be created, with its ownership set to the httpd user and group, for this to work properly.
Edit the vhost file
<Directory /var/www/html>
    Options FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
    modsecurity on
    modsecurity_rules_file /etc/httpd/modsecurity_rules.conf
</Directory>
Restart httpd
sudo service httpd restart
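A quick check for the two modsecurity.conf edits above (engine mode and audit log directory), as an added example that is not part of the original post or the ModSecurity project. The function names are hypothetical, the last uncommented occurrence of a directive is assumed to be the effective one, and `apache` is assumed to be the httpd user (the CentOS default).

```shell
#!/bin/bash
# Added example: sanity-check the two modsecurity.conf settings edited in this guide.

# Print the effective (assumed: last uncommented) value of directive NAME in FILE.
effective_directive() {            # usage: effective_directive FILE NAME
    awk -v name="$2" 'tolower($1) == tolower(name) { val = $2 }
                      END { gsub(/"/, "", val); print val }' "$1"
}

# Print ok / missing / wrong-owner / unknown-owner for the audit log directory.
# OWNER is a user name (e.g. apache) or a numeric uid.
audit_dir_status() {               # usage: audit_dir_status LOGFILE OWNER
    local dir want have
    dir=$(dirname "$1")
    if [ ! -d "$dir" ]; then echo "missing"; return 1; fi
    case "$2" in
        ''|*[!0-9]*) want=$(id -u "$2" 2>/dev/null) || { echo "unknown-owner"; return 1; } ;;
        *)           want=$2 ;;
    esac
    have=$(ls -ldn "$dir" | awk '{ print $3 }')   # numeric uid of the directory owner
    if [ "$have" = "$want" ]; then echo "ok"; else echo "wrong-owner"; return 1; fi
}

# One-line summary; exit status is 0 only when the engine is On and the directory is ok.
check_modsec_conf() {              # usage: check_modsec_conf FILE OWNER
    local mode log dir
    mode=$(effective_directive "$1" SecRuleEngine)
    log=$(effective_directive "$1" SecAuditLog)
    dir=$( [ -n "$log" ] && audit_dir_status "$log" "$2" ) || true
    echo "engine=${mode:-unset} auditlog=${log:-unset} dir=${dir:-n/a}"
    [ "$mode" = "On" ] && [ "$dir" = "ok" ]
}

# Constructed sample mirroring the edits above, written under a temp directory.
make_sample() {                    # usage: make_sample TMPDIR LOGDIR
    cat > "$1/modsecurity.conf" <<EOF
SecRuleEngine DetectionOnly
#SecRuleEngine DetectionOnly
SecRuleEngine On
SecAuditLog $2/modsec_audit.log
EOF
}

if [ "${1:-}" = "--demo" ]; then   # run the check against the constructed sample
    tmp=$(mktemp -d); mkdir "$tmp/log"; make_sample "$tmp" "$tmp/log"
    check_modsec_conf "$tmp/modsecurity.conf" "$(id -u)"
    rm -rf "$tmp"
fi
```

On the host from this guide, source the file and run `check_modsec_conf /etc/httpd/conf.d/modsecurity.d/modsecurity.conf apache`; a non-zero exit status means the engine is not in blocking mode or the audit log directory is missing or owned by another user.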
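Notes:
1. Currently, the ModSecurity v3.0.9 core together with coreruleset v3.3.4 lets WordPress work normally.
2. With this version, a request error was found in a Laravel project that causes some data to be removed.
3. Installing ModSecurity 3.x needs at least 2 GB of memory for the compile to succeed.
# Skip checks for the mailTemplates directory: only log and detect, do not return an error.
SecRule REQUEST_URI "@beginsWith /mailTemplates" \
    "id:1001,phase:1,log,pass,ctl:ruleEngine=DetectionOnly"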