Full Version: Should I setup mod_security?
SuperBaby
http://www.webhostgear.com/62.html

That seems like a very simple installation for mod_security. I am not sure if I should install it.

- I have near to 50 Perl and PHP scripts running in my website. Will these scripts be affected? Do I need to recode the scripts?

- Will it affect other things?

- How is mod_security protecting a server?
(a) It will protect the server quietly in the background like APF.
OR
(b) It will email me a warning when there is an intrusion.
OR
(c) It will email me a report like chkrootkit.

- After a reboot, how do I know if mod_security is working?
chirpy
Install it - it's proven excellent for us and stopped many an attempted intrusion. It also gives a heads-up for someone looking for holes in scripts.

QUOTE
I have near to 50 Perl and PHP scripts running in my website. Will these scripts be affected? Do I need to recode the scripts?


Most likely not. The best thing is to install it with a wide range of filters and gradually change them to suit your environment. All the output from mod_security is stored in a log file which you define on installation (which is extremely easy, btw).

QUOTE
Will it affect other things?


Other than scripts? Not usually, though it can sometimes affect JavaScript.

QUOTE
It will protect the server quietly in the background like APF


Yes. It basically scans all HTTP requests that come in, and any that match the filters that you define will receive back an error which you can define. So instead of getting a 200 OK, they'll get a 500 or whatever you specify.

QUOTE
It will email me a warning when there is an intrusion.
It will email me a report like chkrootkit.


No. It does put a single line log into your Apache error_log file which you can look out for if you use logcheck (which I run hourly) and then check the mod_security specific log for details about the filter hit.

QUOTE
After a reboot, how do I know if mod_security is working?


It installs as an Apache module, so rebooting has no effect; Apache loads it up on startup together with all its other modules. You can easily test it by putting in a URL like:

http://www.mydomain.com/index.html?bug=/etc/passwd

Which should generate the error that you choose, usually 500 Server Error.
dball
QUOTE


I followed those instructions and my pages started showing up without css or graphics loading. I backed it out.

Any Ideas?

-- David
GOT-Hosting
I had a couple of problems with mod_security.

The biggest was that it disallows any access by users that have no set user-agent. Normally, this sounds like a decent idea, but, for some reason, when PayPal connects to return from a transaction, they do not set a user-agent in their software, and the connection is refused. This completely broke the OS Commerce PayPal module.

I also had problems running script installation routines (such as modernbill).
chirpy
QUOTE
The biggest was that it disallows any access by users that have no set user-agent


Only if you configure it that way. To prevent that simply don't use the directive:

SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

Mod_security is not something you can just stick in and then walk away. You actually have to configure it based on your users' usage patterns. If something breaks because of it, it's usually just a matter of tweaking one of the settings.

I wouldn't run a web server without it.
SuperBaby
Since I am not at all familiar with the directives and the documentation does not provide examples, what are the settings I should use and that they won't affect the normal operation of an ordinary website?
chirpy
It certainly does provide examples:

http://www.modsecurity.org/documentation/q...k-examples.html

There's even a PDF on all the options available:

http://www.modsecurity.org/documentation/m...anual-1.7.4.pdf

Personally, I used the example at the following on the admin0 site as my baseline to modify from:

http://admin0.info/articles/security/step06.html
GOT-Hosting
That is a really good article. Thanks!
budway
I'm getting a 406 error when I post news on my phpnuke and when I try to change language settings through the admin area...

Has anyone encountered the same problem?
Matt Brown
That's caused by mod_security. I had a buddy of mine have that problem on his server and I couldn't figure out which rule was doing it. Maybe someone here can help us, as he still hasn't figured it out.
chirpy
Have a look in the mod_security audit log; it should give you all the information you need to work out which rule is being tripped.
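
One way to act on the advice in this thread about finding which rule is being tripped, as an added example (not code from the thread or from the mod_security project): it groups the single-line denials in the Apache error_log by filter pattern, so the rule behind a given status such as 406 stands out. The log lines are constructed, and their layout is an assumption modelled on mod_security 1.x entries; adjust the regex to match your own log.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread). The layout is an assumption
# modelled on mod_security 1.x error_log entries; adjust DENIAL_RE to your log.
SAMPLE_ERROR_LOG = '''\
[Tue Mar 01 10:02:11 2005] [error] [client 192.0.2.10] mod_security: Access denied with code 406. Pattern match "select.+from" at POST_PAYLOAD [hostname "www.example.com"] [uri "/admin.php"]
[Tue Mar 01 10:02:40 2005] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico
[Tue Mar 01 10:05:03 2005] [error] [client 198.51.100.7] mod_security: Access denied with code 500. Pattern match "/etc/passwd" at THE_REQUEST [hostname "www.example.com"] [uri "/index.html?bug=/etc/passwd"]
[Tue Mar 01 10:07:19 2005] [error] [client 192.0.2.10] mod_security: Access denied with code 406. Pattern match "select.+from" at POST_PAYLOAD [hostname "www.example.com"] [uri "/modules.php"]
'''.splitlines()

# Captures client, status, the filter pattern, where it matched, and the URI
# (the trailing [uri "..."] field is treated as optional).
DENIAL_RE = re.compile(
    r'\[client (?P<client>[^\]]+)\] mod_security: Access denied with code '
    r'(?P<status>\d{3})\. Pattern match "(?P<pattern>.*?)" at (?P<location>\S+)'
    r'(?:.*?\[uri "(?P<uri>[^"]*)"\])?'
)


def parse_denials(lines):
    """Return one dict per mod_security denial found in error_log lines."""
    hits = []
    for line in lines:
        m = DENIAL_RE.search(line)
        if m:
            hit = m.groupdict()
            hit["status"] = int(hit["status"])
            hits.append(hit)
    return hits


def rules_by_status(hits, status):
    """Map (pattern, location) -> sorted URIs for denials with this status."""
    rules = defaultdict(set)
    for h in hits:
        if h["status"] == status:
            rules[(h["pattern"], h["location"])].add(h["uri"] or "?")
    return {rule: sorted(uris) for rule, uris in rules.items()}


if __name__ == "__main__":
    hits = parse_denials(SAMPLE_ERROR_LOG)
    for (pattern, location), uris in rules_by_status(hits, 406).items():
        print(f'filter "{pattern}" at {location} blocked: {", ".join(uris)}')
```

The pattern it reports is the regular expression of the filter to look for in your configuration; the audit log entry for the same request shows the full request that matched.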