Installing mod_security

[nacarls]

Hi,

I have just switched machines from an older version of plesk to 7.5.1. My old server was a much harder nugget to crack simply because i had months of time to work it to perfection.

However my new box got messy very quick. From day one this sanity worm has been a big setback as its hard to work around even if blocked properly.

For instance, I have obviously disabled wget and other possible scripts that could be used and setup my tmp directory appropriately the second i got the box. However, this doesn stop the scripts from trying to run just stiops them from succeeding. Thus my server loads are pretty high still at this point.

So the next step I have is to install mod_security on the box, but I have been getting several errors at the compile stage with apxs.

I have tried the latest how-tos from their site but still error out every time.

Does anyone have any ideas on what could be causing this? is it even applicable for plesk 7.5.1? some sort of special apache rpm?

thanks for your help.

 

[NightStorm]

Are you sure that you are using aspx for Apache, and not apxs for Plesk? I ran into that problem initially, not realizing that Plesk had it's own version of apxs, but would not accept a lot of the installs I was trying with it (being a different version of Apache).
I managed to successfuly install it with my Plesk 7.5.1 on RHES3, so I know it can be done... and since Apache is independant from Plesk, one would not interfere with the other when it comes to installing modules.

 

[nacarls]

just from its path i am assuming the aspx is for teh control panel. However no otehr apsx exists. How would I go about installing it for a seperate apache install with no aspx to compile it with?

 

[NightStorm]

Install the httpd-devel rpm... it will include apxs.
What OS are you running on right now?

 

[nacarls]

httpd-devel is installed

os is redhat 9 enterprise

 

[nacarls]

$>rpm -q httpd-devel
httpd-devel-2.0.46-44.ent

 

[NightStorm]

updatedb (to update for any new files on the server... may take some time, so grab a coffee)
locate apxs

It should now display a copy of apxs in your httpd directory... use this to install mod_security, just like the instructions explain.
It should now work.

 

[nacarls]

worked thanks

 

[pran]

Plesk on Virtuozzo VE

How about installing mod_security inside Virtuozzo's VE? httpd-devel doesn't seem to be installed by default.

 

[Traged1]

Frontpage webadmin broken by:

# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
#SecServerSignature "NOYB"

And Modernbill appears to have been blocked by one of the rules, I will repost when I found the exact one.

 

[Traged1]

This is the one which is breaking modernbill

# rules.conf

#ModernBill XSS and file include
SecFilterSelective THE_REQUEST "/samples/news\.php\?DIR=(http|https|ftp)\:/"
#SecFilterSelective THE_REQUEST "/order/orderwiz\.php\?v=.*&aid=&c_code=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
#SecFilterSelective THE_REQUEST "/order/orderwiz\.php\?v=.*&aid=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"