Pl check it.
Today morning I decided to check about apache secuity. In one of the article I read abt mod_security module. I could locate much docs abt its installation part. After 3-4 hrs of studying , I made these configuration. I want you to check these confs and let me knw where I am lacking/missing and if these confs are OK.
These are the only changes which are made and nothing else.
1.Downloaded the modsecurity-apache_2.1.0.tar.gz from
http://www.modsecurity.org web site.
2) copy the modsecurity.conf-minimal file (after extracting .tar.gz file) to /etc/httpd/conf/modsecurity directory.
3)vi /etc/httpd/conf/httpd.conf
enter the following line:
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf (default)
Include conf/modsecurity/*.conf
4)restart the httpd service and OK
Doubts ???
1)when i copy the file (in step 2 moddsecurity.conf-minimal)and if i renames it to moddsecurity.conf, httpd service display error as:
[root@fruits rules]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: Syntax error on line 3 of /etc/httpd/conf/modsecurity/modsecurity.conf:
Invalid command 'SecRuleEngine', perhaps mis-spelled or defined by a module notincluded in the server configuration
[FAILED]
2)Other thing I want to know , is this modsecurity module is working and should i go for it
This is the first time n day when i m configuring this..any kind of help will be a lot for me