ModSecurity is an open-source, cross-platform web application firewall (WAF). It protects a website by inspecting the data the web server receives and the data it sends back out.





Full index (use Ctrl+F on this page to search for a specific keyword):


Configuration directives

SecAction SecArgumentSeparator SecAuditEngine SecAuditLog SecAuditLog2 SecAuditLogDirMode SecAuditLogFormat SecAuditLogFileMode SecAuditLogParts SecAuditLogRelevantStatus SecAuditLogStorageDir SecAuditLogType SecCacheTransformations SecChrootDir SecCollectionTimeout SecComponentSignature SecConnEngine SecContentInjection SecCookieFormat SecCookieV0Separator SecDataDir SecDebugLog SecDebugLogLevel SecDefaultAction SecDisableBackendCompression SecHashEngine SecHashKey SecHashParam SecHashMethodRx SecHashMethodPm SecGeoLookupDb SecGsbLookupDb SecGuardianLog SecHttpBlKey SecInterceptOnError SecMarker SecPcreMatchLimit SecPcreMatchLimitRecursion SecPdfProtect SecPdfProtectMethod SecPdfProtectSecret SecPdfProtectTimeout SecPdfProtectTokenName SecReadStateLimit SecConnReadStateLimit SecSensorId SecWriteStateLimit SecConnWriteStateLimit SecRemoteRules SecRemoteRulesFailAction SecRequestBodyAccess SecRequestBodyInMemoryLimit SecRequestBodyJsonDepthLimit SecRequestBodyLimit SecRequestBodyNoFilesLimit SecRequestBodyLimitAction SecResponseBodyLimit SecResponseBodyLimitAction SecResponseBodyMimeType SecResponseBodyMimeTypesClear SecResponseBodyAccess SecRule SecRuleInheritance SecRuleEngine SecRulePerfTime SecRuleRemoveById SecRuleRemoveByMsg SecRuleRemoveByTag SecRuleScript SecRuleUpdateActionById SecRuleUpdateTargetById SecRuleUpdateTargetByMsg SecRuleUpdateTargetByTag SecServerSignature SecStatusEngine SecStreamInBodyInspection SecStreamOutBodyInspection SecTmpDir SecUnicodeMapFile SecUnicodeCodePage SecUploadDir SecUploadFileLimit SecUploadFileMode SecUploadKeepFiles SecWebAppId SecXmlExternalEntity


Processing phases

Phase Request Headers Phase Request Body Phase Response Headers Phase Response Body Phase Logging


Variables

ARGS ARGS_COMBINED_SIZE ARGS_GET ARGS_GET_NAMES ARGS_NAMES ARGS_POST ARGS_POST_NAMES AUTH_TYPE DURATION ENV FILES FILES_COMBINED_SIZE FILES_NAMES FULL_REQUEST FULL_REQUEST_LENGTH FILES_SIZES FILES_TMPNAMES FILES_TMP_CONTENT GEO HIGHEST_SEVERITY INBOUND_DATA_ERROR MATCHED_VAR MATCHED_VARS MATCHED_VAR_NAME MATCHED_VARS_NAMES MODSEC_BUILD MULTIPART_CRLF_LF_LINES MULTIPART_FILENAME MULTIPART_NAME MULTIPART_PART_HEADERS MULTIPART_STRICT_ERROR MULTIPART_UNMATCHED_BOUNDARY OUTBOUND_DATA_ERROR PATH_INFO PERF_ALL PERF_COMBINED PERF_GC PERF_LOGGING PERF_PHASE1 PERF_PHASE2 PERF_PHASE3 PERF_PHASE4 PERF_PHASE5 PERF_RULES PERF_SREAD PERF_SWRITE QUERY_STRING REMOTE_ADDR REMOTE_HOST REMOTE_PORT REMOTE_USER REQBODY_ERROR REQBODY_ERROR_MSG REQBODY_PROCESSOR REQUEST_BASENAME REQUEST_BODY REQUEST_BODY_LENGTH REQUEST_COOKIES REQUEST_COOKIES_NAMES REQUEST_FILENAME REQUEST_HEADERS REQUEST_HEADERS_NAMES REQUEST_LINE REQUEST_METHOD REQUEST_PROTOCOL REQUEST_URI REQUEST_URI_RAW RESPONSE_BODY RESPONSE_CONTENT_LENGTH RESPONSE_CONTENT_TYPE RESPONSE_HEADERS RESPONSE_HEADERS_NAMES RESPONSE_PROTOCOL RESPONSE_STATUS RULE SCRIPT_BASENAME SCRIPT_FILENAME SCRIPT_GID SCRIPT_GROUPNAME SCRIPT_MODE SCRIPT_UID SCRIPT_USERNAME SDBM_DELETE_ERROR SERVER_ADDR SERVER_NAME SERVER_PORT SESSION SESSIONID STATUS_LINE STREAM_INPUT_BODY STREAM_OUTPUT_BODY TIME TIME_DAY TIME_EPOCH TIME_HOUR TIME_MIN TIME_MON TIME_SEC TIME_WDAY TIME_YEAR TX UNIQUE_ID URLENCODED_ERROR USERID USERAGENT_IP WEBAPPID WEBSERVER_ERROR_LOG XML


Transformation functions

base64Decode sqlHexDecode base64DecodeExt base64Encode cmdLine compressWhitespace cssDecode escapeSeqDecode hexDecode hexEncode htmlEntityDecode jsDecode length lowercase md5 none normalisePath normalizePath normalisePathWin normalizePathWin parityEven7bit parityOdd7bit parityZero7bit removeNulls removeWhitespace replaceComments removeCommentsChar removeComments replaceNulls urlDecode uppercase urlDecodeUni urlEncode utf8toUnicode sha1 trimLeft trimRight trim


Actions

accuracy allow append auditlog block capture chain ctl deny deprecatevar drop exec expirevar id initcol log logdata maturity msg multiMatch noauditlog nolog pass pause phase prepend proxy redirect rev sanitiseArg sanitiseMatched sanitiseMatchedBytes sanitiseRequestHeader sanitiseResponseHeader severity setuid setrsc setsid setenv setvar skip skipAfter status t tag ver xmlns


Operators

beginsWith contains containsWord detectSQLi detectXSS endsWith fuzzyHash eq ge geoLookup gsbLookup gt inspectFile ipMatch ipMatchF ipMatchFromFile le lt noMatch pm pmf pmFromFile rbl rsub rx streq strmatch unconditionalMatch validateByteRange validateDTD validateHash validateSchema validateUrlEncoding validateUtf8Encoding verifyCC verifyCPF verifySSN within



ModSecurity provides the following protections:

SQL Injection (SQLi): blocks SQL injection

Cross Site Scripting (XSS): blocks cross-site scripting attacks

Local File Inclusion (LFI): blocks attacks that exploit local file inclusion vulnerabilities

Remote File Inclusion (RFI): blocks attacks that exploit remote file inclusion vulnerabilities

Remote Code Execution (RCE): blocks attacks that exploit remote command execution vulnerabilities

PHP Code Injection: blocks PHP code injection

HTTP Protocol Violations: blocks malicious requests that violate the HTTP protocol

HTTPoxy: blocks attacks that exploit the remote proxy poisoning vulnerability

Shellshock: blocks attacks that exploit the Shellshock vulnerability

Session Fixation: blocks attacks that exploit a session ID that never changes

Scanner Detection: blocks attackers scanning the website

Metadata/Error Leakages: blocks leakage of source code and error messages

Project Honey Pot Blacklist: blocks addresses on the Project Honey Pot blacklist

GeoIP Country Blocking: blocks IP addresses based on their geographic origin


This Chinese manual was translated by Wang Zi (王子), former product manager at Jing'an Network (景安网络), by working through the original English documentation and adding his own experience of using ModSecurity, with the aim of making the explanations easy to follow. He will update this documentation from time to time to keep it consistent with the original English documentation.


