|
Packit Service |
384592 |
Custom ModSecurity Modules
|
|
Packit Service |
384592 |
--------------------------
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
This directory contains three examples how you can extend
|
|
Packit Service |
384592 |
ModSecurity without having to touch it directly, simply
|
|
Packit Service |
384592 |
by creating custom Apache modules.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
NOTE: ModSecurity must be compiled with API support
|
|
Packit Service |
384592 |
to use this feature (the API is enabled by default,
|
|
Packit Service |
384592 |
but it will have been disabled if you used -DNO_MODSEC_API).
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
Building the Example Custom Modules
|
|
Packit Service |
384592 |
-----------------------------------
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
1) Example custom transformation function module
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
Module mod_tfn_reverse.c creates a custom transformation
|
|
Packit Service |
384592 |
function "reverse" that reverses the content it receives
|
|
Packit Service |
384592 |
on input.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# Compile as a normal user
|
|
Packit Service |
384592 |
apxs -I<MODSECURITY_SOURCE_CODE> -I/usr/include/libxml2 \
|
|
Packit Service |
384592 |
-ca mod_tfn_reverse.c
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# Install as superuser
|
|
Packit Service |
384592 |
sudo apxs -i mod_tfn_reverse.la
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
2) Example custom operator module
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
Module mod_op_strstr.c creates a custom operator "strstr"
|
|
Packit Service |
384592 |
that implements fast matching using the Boyer-Moore-Horspool
|
|
Packit Service |
384592 |
algorithm.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# Compile as a normal user
|
|
Packit Service |
384592 |
apxs -I<MODSECURITY_SOURCE_CODE> -I/usr/include/libxml2 \
|
|
Packit Service |
384592 |
-ca mod_op_strstr.c
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# Install as superuser
|
|
Packit Service |
384592 |
sudo apxs -i mod_op_strstr.la
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
3) Example custom target variable module
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
Module mod_var_remote_addr_port.c creates a custom variable "REMOTE_ADDR_PORT"
|
|
Packit Service |
384592 |
that combines the REMOTE_ADDR and REMOTE_PORT into a.b.c.d:port format.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# Compile as a normal user
|
|
Packit Service |
384592 |
apxs -I<MODSECURITY_SOURCE_CODE> -I/usr/include/libxml2 \
|
|
Packit Service |
384592 |
-ca mod_var_remote_addr_port.c
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# Install as superuser
|
|
Packit Service |
384592 |
sudo apxs -i mod_var_remote_addr_port.la
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
3) Example custom request body parser module
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
Module mod_reqbody_example.c creates a custom request body parser named
|
|
Packit Service |
384592 |
"EXAMPLE". It does noting in particular, but shows the basic structure
|
|
Packit Service |
384592 |
of such a module.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# Compile as a normal user
|
|
Packit Service |
384592 |
apxs -I<MODSECURITY_SOURCE_CODE> -I/usr/include/libxml2 \
|
|
Packit Service |
384592 |
-ca mod_reqbody_example.c
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# Install as superuser
|
|
Packit Service |
384592 |
sudo apxs -i mod_var_remote_addr_port.la
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# Write a phase 1 rule to set the parser
|
|
Packit Service |
384592 |
SecAction "phase:1,pass,nolog,ctl:requestBodyProcessor=EXAMPLE"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
Using the Modules
|
|
Packit Service |
384592 |
-----------------
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
Once the modules are built and installed, you load them like any other Apache module, but they must be loaded *after* the mod_security2.so module.
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# Load ModSecurity
|
|
Packit Service |
384592 |
LoadModule security2_module modules/mod_security2.so
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# Load ModSecurity custom modules
|
|
Packit Service |
384592 |
LoadModule tfn_reverse_module modules/mod_tfn_reverse.so
|
|
Packit Service |
384592 |
LoadModule op_strstr_module modules/mod_op_strstr.so
|
|
Packit Service |
384592 |
LoadModule var_remote_addr_port_module modules/mod_var_remote_addr_port.so
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# All three custom var/op/tfn used
|
|
Packit Service |
384592 |
SecRule REMOTE_ADDR_PORT "@strstr 1.2.3.4:5678" "t:reverse"
|
|
Packit Service |
384592 |
|