Portal Home > Knowledgebase > Articles Database > Mod_Security
Mod_Security
Posted by addieparker, 08-25-2009, 12:08 AM |
How can i be sure that mod_security I have installed is working.
I have installed it but i am not sure how to verify its active and working
|
Posted by MikeDVB, 08-25-2009, 01:27 AM |
Depending on the settings on the server go to a site and then go to a 404 page (file not found page) and if it's running Apache and the settings are right it will tell you at the bottom.
Beyond that, you can check to see what Modules Apache has loaded. I forget the command off the top of my head but it's something like /etc/init.d/httpd -l
|
Posted by alanzkorner, 08-25-2009, 02:05 AM |
Hello,
If it is a Cpanel server you will be able to find a folder
/etc/httpd/conf/modsec2 modesec2 in this location .
It will have four files as shown below to which you can add custom rules ,
custom.conf
exclude.conf
rootkits.conf
whitelist.conf
Basically whatever be the kind of server , it will have an entry in your apache conf
Open /etc/httpd/conf/http.conf in vi editor ( for cpanel ) or for other servers locate the httpd.conf and search for the entry modsec m you will be able to find some thing like
Include "/usr/local/apache/conf/modsec2.conf"
which will be the modsec conf ,
Also you can check your apache error log , if Modsec is working and your server has a number of websites , you will be able to see modesec protecting your server using its rules
do a tail -f /usr/local/apache/logs/error_log | grep modesec on a terminal .( or the corresponding error log ) .
Hope that helps.
|
Posted by adminpaul, 08-25-2009, 05:40 AM |
Hi,
Execute the following command in your server. If mod_security is enabled, it will list the module name mod_security
httpd -t -D DUMP_MODULES
|
Posted by WHR-Abner, 08-25-2009, 06:32 AM |
Check the pattern matching strings in the mod_security custom rules file.
Try accessing one of the string via browser, say http://domain/string.php
'tail' the error logs, you will see the mod_security error if it is working properly.
|
Add to Favourites Print this Article
Also Read
sagonet.com (Views: 902)