Arab Web


Mustafa Albazy 17-08-2008 03:46 PM

A set of rules for Mod_Security
 
Peace be upon you, and God's mercy and blessings.

This topic is, of course, for server owners who have mod_security installed.

In this topic I will not explain how to install mod_security; instead I will explain how to add rules to mod_security.

Let's get to the heart of the matter...

First, log in to WHM as the root user.

Then, from the side menu, go to Plugins, then Mod Security. The mod_security configuration page will open. Click Edit Config, then copy what is at the following link (to see the rule click here), paste it into the box provided, and click Save Configuration.

Then go to restart service and restart Apache (HTTP Server apache).

That's all.


Note: I, IrIsH, am not responsible for any malfunction that may occur during installation.
Note: The rules have been tried on several servers.

الصريح جداً 18-08-2008 05:35 AM

And peace be upon you, and God's mercy and blessings.

Excellent rules.. may God give you strength

Ciao

Mustafa Albazy 18-08-2008 08:19 AM

Welcome, my brother Abu Abed, glad to have you here, and everyone too, Lord willing :)

best-7ost.com 18-08-2008 01:04 PM

Wow, may God get you married! I have been looking for good rules for a long time

Thanks, just passing by

Mustafa Albazy 18-08-2008 01:24 PM

Quote:

Quote from post by best-7ost.com (post 512280)
Wow, may God get you married! I have been looking for good rules for a long time

Thanks, just passing by

Hahaha, by God, that prayer came at the right moment, I just got engaged a week ago :D , God willing the rules will be useful to you :D

best-7ost.com 18-08-2008 01:27 PM

Sorry, what do you think of these rules? Which ones are better????

Quote:

<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature "Modelayer.Com"


# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog logs/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:400"

# # ## ## ## ## ## ## ## ## ##
# # ## ## ## ## ## ## ## ## ##

# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"



# my own rules
SecFilter "\/var\/tmp"
SecFilter "command=cd"
SecFilter "\/etc\/passwd"
SecFilter "rootDir"
SecFilterSelective THE_REQUEST "/etc/passwd"
SecFilterSelective THE_REQUEST "/etc/shadow"
SecFilterSelective THE_REQUEST "cd /var/spool "
SecFilterSelective THE_REQUEST "cd /dev/shm "
SecFilterSelective THE_REQUEST "cd /dev "
SecFilterSelective THE_REQUEST "cd shm "
SecFilter "/dev/shm"
SecFilterSelective THE_REQUEST "/usr/bin/id"
SecFilterSelective THE_REQUEST "/bin/kill"
SecFilterSelective THE_REQUEST "/usr/bin/gcc"
SecFilterSelective THE_REQUEST "/usr/bin/cc"
SecFilterSelective THE_REQUEST "/usr/bin/g\+\+"
SecFilterSelective THE_REQUEST "/bin/ping"
SecFilterSelective THE_REQUEST "/bin/mail"
SecFilterSelective THE_REQUEST "/bin/ls"
SecFilterSelective THE_REQUEST "/usr/sbin/httpd"
SecFilter "local_path"
SecFilter "LOCAL_PATH"
SecFilterSelective THE_REQUEST "rootDir"
SecFilter "rootDir"
SecFilterSelective REQUEST_URI "\.php\?act=(chmod&f|cmd|f&f=|ls|img&img=)"
SecFilterSelective ARGS "/shell\.php\&cmd="
SecFilterSelective REQUEST_URI "Hacked.*by.*member.*of.*SCC"
SecFilterSelective THE_REQUEST "/~(root|ftp|bin|nobody|named|guest|logs|sshd)(/\S *)? HTTP/(0\.9|1\.[01])$"
SecFilterSelective REQUEST_URI "/~(root|ftp|bin|nobody|named|guest|logs|sshd)/ "
secFilterSelective THE_REQUEST "cgitelnet"
SecFilter "nstview\.php"
SecFilterSelective THE_REQUEST "chmod\x20"
SecFilterSelective THE_REQUEST "wget\x20"
SecFilterSelective THE_REQUEST "uname\x20-a"

# methods of downloading files to a server
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "\.cgi*" chain
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "Fhome"
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "php?phpinfo"
SecFilterSelective THE_REQUEST "php?phpini"
SecFilterSelective THE_REQUEST "php?mem"
SecFilterSelective THE_REQUEST "php?cpu"
SecFilterSelective THE_REQUEST "php?users"
SecFilterSelective THE_REQUEST "php?tmp"
SecFilterSelective THE_REQUEST "php?delete"
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
SecFilterSelective THE_REQUEST "cmd=cd\x20/var "
secfilterSelective THE_REQUEST "HCL_path=http "
SecFilterSelective THE_REQUEST "clamav-partial "
SecFilterSelective THE_REQUEST "vi\.recover "
SecFilterSelective THE_REQUEST "netenberg "
SecFilterSelective THE_REQUEST "psybnc "
SecFilterSelective THE_REQUEST "fantastico_de_luxe "
SecFilterSelective THE_REQUEST "2Fpublic_html&"
SecFilterSelective THE_REQUEST ".htaccess"
SecFilterSelective THE_REQUEST "c99sh_datapipe.pl"
SecFilterSelective THE_REQUEST "listDBs"
SecFilterSelective THE_REQUEST "%2home%2"
SecFilterSelective THE_REQUEST "%2home%"
SecFilterSelective THE_REQUEST "%home%"
SecFilterSelective THE_REQUEST "%home"
SecFilterSelective THE_REQUEST "home%"
SecFilterSelective THE_REQUEST "%2Fhome%2"
SecFilterSelective THE_REQUEST "%2Fhome%"
SecFilterSelective THE_REQUEST "%Fhome%"
SecFilterSelective THE_REQUEST "%Fhome"
SecFilterSelective THE_REQUEST "Fhome%"
SecFilterSelective THE_REQUEST "2Fpublic_html&"
SecFilterSelective THE_REQUEST "/etc/"
SecFilterSelective THE_REQUEST "cd "

# WEB-PHP phpbb quick-reply.php arbitrary command attempt
SecFilterSelective POST_PAYLOAD "wget "
SecFilterSelective POST_PAYLOAD "lynx "
SecFilterSelective POST_PAYLOAD "Fhome"
SecFilterSelective POST_PAYLOAD "curl "
SecFilterSelective POST_PAYLOAD "ssh "
SecFilterSelective POST_PAYLOAD "echo "
SecFilterSelective POST_PAYLOAD "links -dump "
SecFilterSelective POST_PAYLOAD "links -dump-charset "
SecFilterSelective POST_PAYLOAD "links -dump-width "
SecFilterSelective POST_PAYLOAD "links http:// "
SecFilterSelective POST_PAYLOAD "links ftp:// "
SecFilterSelective POST_PAYLOAD "links -source "
SecFilterSelective POST_PAYLOAD "mkdir "
SecFilterSelective POST_PAYLOAD "cd /tmp "
SecFilterSelective POST_PAYLOAD "cd /var/tmp "
SecFilterSelective POST_PAYLOAD "cmd=cd\x20/var "
SecFilterSelective POST_PAYLOAD "HCL_path=http "
SecFilterSelective POST_PAYLOAD "clamav-partial "
SecFilterSelective POST_PAYLOAD "vi\.recover "
SecFilterSelective POST_PAYLOAD "netenberg "
SecFilterSelective POST_PAYLOAD "psybnc "
SecFilterSelective POST_PAYLOAD "fantastico_de_luxe "
SecFilterSelective POST_PAYLOAD ".htaccess"
SecFilterSelective POST_PAYLOAD "c99sh_datapipe.pl"
SecFilterSelective POST_PAYLOAD "listDBs"
SecFilterSelective POST_PAYLOAD "%2home%2"
SecFilterSelective POST_PAYLOAD "%2home%"
SecFilterSelective POST_PAYLOAD "%home%"
SecFilterSelective POST_PAYLOAD "%home"
SecFilterSelective POST_PAYLOAD "home%"
SecFilterSelective POST_PAYLOAD "%2Fhome%2"
SecFilterSelective POST_PAYLOAD "%2Fhome%"
SecFilterSelective POST_PAYLOAD "%Fhome%"
SecFilterSelective POST_PAYLOAD "%Fhome"
SecFilterSelective POST_PAYLOAD "Fhome%"
SecFilterSelective POST_PAYLOAD "2Fpublic_html&"
SecFilterSelective POST_PAYLOAD "/etc/"
SecFilterSelective POST_PAYLOAD "SHOW DATABASES "
SecFilterSelective THE_REQUEST "/~root"
SecFilterSelective THE_REQUEST "/~ftp"
SecFilterSelective THE_REQUEST "/htgrep" chain
SecFilterSelective THE_REQUEST "/htgrep" log,pass
SecFilterSelective THE_REQUEST "/\.history"
SecFilterSelective THE_REQUEST "/\.bash_history"
SecFilterSelective THE_REQUEST "/~nobody"
SecFilterSelective THE_REQUEST "psybnc"
SecFilterSelective THE_REQUEST "dir=http"
SecFilterSelective THE_REQUEST "\?STRENGUR"
SecFilterSelective THE_REQUEST "/etc/motd"
SecFilterSelective THE_REQUEST "/etc/passwd"
SecFilterSelective THE_REQUEST "conf/httpd\.conf"


</IfModule>
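
An added example (not part of the thread or of any poster's code): a small Python harness that replays constructed benign requests through a few directives copied from the ruleset quoted above, to see which patterns would block legitimate traffic before the rules are pasted into Edit Config. It is a simplified model that assumes patterns are case-insensitive regular expressions and that a plain SecFilter sees the request line plus the POST body; the sample requests and all function names are constructed for illustration.

```python
import re
# Directives copied from the ruleset quoted above (ModSecurity 1.x syntax).
RULES = r'''
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilter "\/etc\/passwd"
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "cd "
SecFilterSelective THE_REQUEST ".htaccess"
SecFilterSelective POST_PAYLOAD "echo "
'''
# Constructed benign requests (not from the thread); body shown URL-decoded.
BENIGN = [
    {"REQUEST_METHOD": "GET", "THE_REQUEST": "GET /music/cd HTTP/1.1"},
    {"REQUEST_METHOD": "GET", "THE_REQUEST": "GET /packages/wget HTTP/1.1"},
    {"REQUEST_METHOD": "GET", "THE_REQUEST": "GET /blog/using-htaccess HTTP/1.1"},
    {"REQUEST_METHOD": "GET", "THE_REQUEST": "GET /index.php?page=2 HTTP/1.1"},
    {"REQUEST_METHOD": "POST", "THE_REQUEST": "POST /contact.php HTTP/1.1",
     "HTTP_Content-Length": "26", "POST_PAYLOAD": "msg=use echo to print text"},
]
LINE = re.compile(r'^(SecFilter(?:Selective)?)\s+(?:([\w-]+)\s+)?"(.*)"\s*(chain)?', re.I)

def parse(text):
    """Return rules as lists of (variable, negated, regex); a longer list is a chain."""
    rules, pending = [], []
    for m in filter(None, map(LINE.match, map(str.strip, text.splitlines()))):
        _, var, pat, chain = m.groups()
        neg = pat.startswith("!")  # a leading "!" inverts the match
        # Assumption: patterns are case-insensitive regular expressions.
        pending.append((var or "SecFilter", neg, re.compile(pat[1:] if neg else pat, re.I)))
        if not chain:  # a rule without "chain" closes the current chain
            rules.append(pending)
            pending = []
    return rules

def value(req, var):
    # Assumption: plain SecFilter sees the request line plus the POST body.
    if var == "SecFilter":
        return req["THE_REQUEST"] + "\n" + req.get("POST_PAYLOAD", "")
    return req.get(var, "")

def hits(rules, req):
    """Patterns of every rule (or chain) whose conditions all match this request."""
    return [" + ".join(rx.pattern for _, _, rx in chain) for chain in rules
            if all(bool(rx.search(value(req, var))) != neg for var, neg, rx in chain)]

def false_positives(rules, requests):
    """Map each benign request line to the rules that would have blocked it."""
    return {r["THE_REQUEST"]: h for r in requests if (h := hits(rules, r))}
```

The `.htaccess` hit comes from the unescaped dot matching any character, and the `cd ` and `wget ` hits come from the space that precedes `HTTP/1.1` in the request line.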

Mustafa Albazy 18-08-2008 01:34 PM

Best Host,

These rules are good, but their drawback is that they are limited to specific things (from what I read of them quickly)

best-7ost.com 18-08-2008 01:34 PM

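Quote:

Quote from post by IrIsH (post 512291)
Hahaha, by God, that prayer came at the right moment, I just got engaged a week ago :D , God willing the rules will be useful to you :D

Congratulations! Where is the wedding, am I invited or not? >>>>>>>>>>>>> what does this guy want, acting as if we know each other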

best-7ost.com 18-08-2008 01:35 PM

Quote:

Quote from post by IrIsH (post 512295)
Best Host,

These rules are good, but their drawback is that they are limited to specific things (from what I read of them quickly)

May God give you strength, and thank you for all your help, brother

Mustafa Albazy 18-08-2008 01:39 PM

Quote:

Quote from post by best-7ost.com (post 512297)
Congratulations! Where is the wedding, am I invited or not? >>>>>>>>>>>>> what does this guy want, acting as if we know each other

Of course, you will be the first of the guests, God willing, but it is still a while away :D

dia-art 19-09-2008 03:24 AM

Thank you for the rules, may you live long, and believe me I was looking

dia-art 19-09-2008 03:25 AM

Thank you for the rules, may you live long, and believe me I was looking for these rules and I need them

Mustafa Albazy 20-09-2008 01:13 AM

You're welcome, brother ,,, dia-art,,, glad to have you here ,,, and God willing the rules will be useful to you :)

أسـيـر هـواها 22-09-2008 03:16 AM

May God give you strength, my dear friend

أسـيـر هـواها 22-09-2008 03:17 AM

May God give you strength, my dear friend ...

أسـيـر هـواها 22-09-2008 03:17 AM

May God give you strength, my dear friend ...


Copyright © ArabWebTalk.Com 2004-2012