File name: ModSecurity Handbook (user manual)
  Category: Network attack and defense
  Development tool:
  File size: 1mb
  Downloads: 0
  Upload date: 2019-03-01
  Provider: avata******
 Description: ModSecurity Handbook user manual, the original English edition, offered free to everyone. ModSecurity for Apache user manual. Introduction: ModSecurity is an open-source intrusion detection and prevention engine used to protect web applications. It can also serve as a web application firewall. It is embedded in the web server and acts as a strong protective umbrella, shielding applications from attacks. Combined with the web server, ModSecurity strengthens the web server's resistance to attack.

 Table of contents (excerpt):

 Fedora Core, CentOS, and Red Hat Enterprise Linux; Debian and Ubuntu; Installation on Windows

 3. Configuration: Folder Locations; Configuration Layout; Adding ModSecurity to Apache; Powering Up; Request Body Handling; Response Body Handling; Filesystem Locations; File Uploads; Debug Log; Audit l; Miscellaneous Options; Default Rule Match Policy; Handling Parsing Errors; Verifying Installation

 4. Logging: Debug Log; Debugging in Prodr; Audit Log; Audit Log Entry Example; Concurrent Audit Log; Remote Logging; Configuring mlogc; Activating mlogc; Troubleshooting mlogc; File Upload Interception; Storing Files; Inspecting Files; Integrating with ClamAV; Guardian Log; Advanced Logging Configuration; Increasing Logging from a Rule; Dynamically Altering Logging Configuration; Removing Sensitive Data from Audit Logs; Selective Audit Logging

 5. Rule Language Overview: Anatomy of a Rule; Variables; Request variables; Server variables; Response variables; Miscellaneous variables; Parsing flags; Collections; Time variables; Operators; String matching operators; Numerical operators; Validation ope; Miscellaneous operators; Actions; Disruptive actions; Flow actions; Metadata actions; Variable actions; Logging actions; Special actions; Miscellaneous actions

 6. Rule Language Tutorial: Introducing simple rules and operators; Working with variables; Combining rules into chains; Operator negation; Variable counting; Using actions; Understanding ac; Actions in chained rules; Unconditional rules; Using transformation functions; Blocking; Changing rule flow; Smarter skipping; If-then-else; Controlling logging; Capturing data; Variable manipulation; Variable expansion; Recording data in alerts; Adding meta data

 7. Rule Configuration: Apache Configuration Syntax; Breaking lines; Directives and parameters; Spreading configuration across files; Container directives; Configuration contexts; Configuration merging; Configuration Inheritance; Configuration inheritance; Rule inheritant; SecDefaultAction inheritance anomaly; Rule manipulation; Removing rules at configure-time; Updating rules at configure-time; Excluding rules at run-time

 8. Persistent Storage: Manipulating Collection Records; Creating records; Application namespaces; Initializing record; Controlling record longevity; Deleting records; Detecting very old records; Collection variables; Built-in variables; Variable expir; Variable value depreciation; Implementation details; Retrieving records; ing a collectio; Record limits; Applied persistence; Periodic alerting; Denial of service attack detection; Brute force attack detection; Session management; Initializing Sessions; Blocking sessions; Forcing session regeneration; Restricting Session Life Time; Detecting Session Hijacking; User management; Detecting Users Sign In; Detecting Users Sign Out

 9. Practical Rule Writing: Whitelist; Whitelisting thec; Whitelisting mechanics; Granular whitelisting; Complete whitelisting example; Virtual patching; Reputation Management; Organizing Rule Sets; Using Rule Sets; Integration with other Apache modules; Conditional logging; Header manipulation; Securing session cookies; Advanced block; Making the most of regular expressions; How ModSecurity Compiles Patterns; Changing how patterns are compiled; Common pattern problems; Regular Expression Denial of Service; Resources; Performance tips

 10. Content Injection: Writing content injection rules; Communicating back to the server; Interrupting page rendering; Using external JavaScript code; Communicating with Users

 11. Writing Rules in Lua: Rule language integration; Lua rules skeleto; ng Variable; ogging; Lua actions

 12. Handling XML: XML Parsing; DTD Validation; XML Schema validation; XML Namespaces; XPath Expressions; XPath and namespaces; XML Inspection Framework

 13. Extending Rule Language: Extension Template; Adding a transformation Function; Adding an Operator; Adding a variable

 II. Reference documentation

 14. Reference manual

 Configuration Directives: SecAction; SecArgumentSeparator; SecAuditEngine; SecAuditLog; SecAuditLog2; SecAuditLogDirMode; SecAuditLogFileMode; SecAuditLogParts; SecAuditLogRelevantStatus; SecAuditlogSto geD; SecAuditLogType; SecCacheTransformations (Deprecated/Experimental); c chroot; SecComponentSignature; SecContentInjection; SecCookieFormat; DataDir; agog; SecDebugLogLevel; SecDefaultAction; SecGeoLookupDb; SecGuardianLog; clarker; SecPdfProtect (Obsolete); SecPdfProtectMethod (Obsolete); SecPdfProtectSecret (Obsolete); SecPdfProtectTimeout (Obsolete); SecPdfProtectTokenName (Obsolete); SecRequestBodyAccess; SecRequestBodyLimit; SecRequestBodyNoFilesLimit; SecRequestBodyInMemoryLimit; SecResponseBodyLimit; SecResponseBodyLimitAction; SecResponseBodyMimeType; SecResponseBody clear; SecResponseBodyAccess; SecRule; SecRuleInheritance; SecRuleEngine; SecRuleRemoveById; SecRuleremove byes; SecRuleScript (Experimental); SecRuleUpdateActionById; SecServerSignature; SecTmpDir; SecUploadDir; SecUploadFileMode; SecUploadKeepFiles; SecWebAppId

 Variables: ARGS; ARGS_COMBINED_SIZE; ARGS_NAMES; ARGS_GET; ARGS_GET_NAMES; ARGS_POST; ARGS_POST_NAMES; AUTH_TYPE; DURATION; ENV; FILES; FILES_COMBINED_SIZE; FILES_NAMES; FILES_SIZES; FILES_TMPNAMES; GEO; HIGHEST_SEVERITY; MATCHED_VAR; MATCHED_VAR_NAME; MODSEC_BUILD; MULTIPART_CRLF_LF_LINES; MULTIPART_STRICT_ERROR; MULTIPART_UNMATCHED_BOUNDARY; PATH_INFO; QUERY_STRING; REMOTE_ADDR; REMOTE_HOST; REMOTE_PORT; REMOTE_USER; REQBODY_PROCESSOR; REQBODY_PROCESSOR_ERROR; REQBODY_PROCESSOR_ERROR_MSG; REQUEST_BASENAME; REQUEST_BODY; REQUEST_COOKIES; REQUEST_COOKIES_NAMES; REQUEST_FILENAME; REQUEST_HEADERS; REQUEST_HEADERS_NAMES; REQUEST_LINE; REQUEST_METHOD; REQUEST_PROTOCOL; REQUEST_URI; REQUEST_URI_RAW; RESPONSE_BODY; RESPONSE_CONTENT_LENGTH; RESPONSE_CONTENT_TYPE; RESPONSE_HEADERS; RESPONSE_HEADERS_NAMES; RESPONSE_PROTOCOL; RESPONSE_STATUS; RULE; SCRIPT_BASENAME; SCRIPT_FILENAME; SCRIPT_GID; SCRIPT_GROUPNAME; SCRIPT_MODE; SCRIPT_UID; SCRIPT_USERNAME; SERVER_ADDR; SERVER_NAME; SERVER_PORT; SESSION; SESSIONID; TIME; TIME_DAY; TIME_EPOCH; TIME_HOUR; TIME_MIN; TIME_MON; TIME_SEC; TIME_WDAY; TIME_YEAR; TX; URLENCODED_ERROR; USERID; WEBAPPID; WEBSERVER_ERROR_LOG; XML

 Transformation functions: base64Decode; base64Encode; compressWhitespace; cssDecode