Chinaunix首页 | 论坛 | 博客

RHCAhg1995.blog.chinaunix.net

首页 |  博文目录 |  关于我

hg1995

  • 博客访问: 440468
  • 博文数量: 112
  • 博客积分: 4451
  • 博客等级: 上校
  • 技术积分: 1063
  • 用 户 组: 普通用户
  • 注册时间: 2009-02-23 10:19
个人简介

更多精品http://shop65927331.taobao.com

文章分类

全部博文(112)

文章存档

2011年(19)

2010年(54)

2009年(39)

我的朋友
最近访客
推荐博文
相关博文
Apache安全模块ModSecurity的安装

分类: 系统运维

2010-11-24 17:23:59

   随着使用apache得人越来越多,和使用web服务得广泛.web服务器得安全问题也是一个至关重要得问题.但是在国内真正能够做web服务安全得感觉并不是很多.而且即使是有得话相对来讲成本也是很高的.所以我们希望能够找到一个价格相对低廉而且又有效的方法来防护web服务的安全.
    ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out over the web application level, organisations need all the help they can get in making their systems secure. WAFs are deployed to establish an increased external security layer to detect and/or prevent attacks before they reach web applications. ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure
This manual is only for ModSecurity installation.
This manual is only for ModSecurity installation.
Lab entironment:
RHEL5.4 2.6.18-164.el5
Server version: Apache/2.2.3
ModSecurity:modsecurity-apache_2.5.12
1>ModSecurity installation requirements
  1. ModSecurity 2.x works only with Apache 2.0.x or higher. Version 2.2.x is highly recommended.
  2.Make sure you have mod_unique_id installed.
    check:
    #ls /usr/lib/httpd/modules/mod_unique_id.so
    #grep mod_unique_id /etc/httpd/conf/httpd.conf
    if don't exist, add the following line to httpd.conf:
    LoadModule unique_id_module modules/mod_unique_id.so
  3.apr apr-util curl
    #yum install apr apr-util curl -y
  4.pcre
    #wget
    #tar zxvf pcre-8.10.tar.gz
    #cd pcre-8.10
    #./configure --prefix=/usr/local/pcre
    #make ; make install
  5.libxml2
    #wget
    #tar zxvf libxml2-2.7.8.tar.gz
    #cd libxml2
    #./configure --prefix=/usr/local/libxml2
    #make ; make install
  4.apxs
    #yum install httpd-devel -y

2>ModSecurity installation consists of the following steps:
  1.download the source package:
    #wget http://nchc.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.5.12/modsecurity-apache_2.5.12.tar.gz
  2.Stop Apache httpd
  3.Unpack the ModSecurity-apache archive and compile:
    #tar zxvf modsecurity-apache_2.5.12.tar.gz
    #cd modsecurity-apache_2.5.12/apache2
    #./configure  --with-apxs=/usr/sbin/apxs --with-pcre=/usr/local/pcre --with-libxml=/usr/local/libxml2
    #make ;make test
    #make install
    OK,the  module is  /usr/lib/httpd/modules/mod_security2.so
  4.Edit the main Apache httpd config file (usually httpd.conf)
    On UNIX  you must load libxml2 before ModSecurity with something like this:
    LoadFile /usr/lib/libxml2.so
    load module:
    LoadModule security2_module modules/mod_security2.so
  5.Configure ModSecurity
  6.Start Apache httpd
    You'll see the message like this :
    ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/) configured
 
 
 
阅读(2397) | 评论(0) | 转发(0) |
0

上一篇:RedHat Linux 内核版本划分

下一篇:Linux Commands For Shared Library Management

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6