The open-source web firewall Mod_Security
What is mod_security?
mod_security is a web application firewall.
Looking at current attack types, more than 70% take place at the web application level, and
mod_security is what lets a system be kept safer against such attacks.
This is because mod_security analyzes and inspects not just the URL but also GET and POST values and
the HTTP/1.1 request itself, so it is a module that defends against the web hacking and cracking
attempts that arrive as commands typed into web requests.
Installation
The simplest way to install it into Apache is to compile it from source.
First, to obtain the source before compiling, visit the site at the URL below and
download it.
After downloading, compile and install it as follows (apxs -c compiles the module, -i copies it into Apache's
modules directory and -a adds the LoadModule line to httpd.conf; installing and restarting need root):
# /path/to/apache/bin/apxs -cia mod_security.c
# /path/to/apache/bin/apachectl stop
# /path/to/apache/bin/apachectl start
If you are running on Windows, download the precompiled dll from a mirror site instead.
Directives used in the configuration
SecFilterEngine (On|Off) : whether mod_security's filtering is enabled at all (a third value, DynamicOnly, limits filtering to dynamically generated content)
SecFilterScanPOST (On|Off) : whether data sent in a POST body is filtered as well; with this Off, rules on ARGS only see the query string
SecFilterDefaultAction (pass|deny|status|redirect|exec|log|nolog)
This sets how a request is handled by default when a filter matches; the actions are given as one quoted, comma-separated list.
pass : let the request through even though it matched
deny : reject the request (a 500 error is returned by default; because a 500 looks like a server fault, most configurations add status:403 explicitly)
status : the HTTP status code to return on a match or other event
redirect : the URL to redirect to on a match or other event
exec : an external script to execute on a match or other event
log : write the event to the log
nolog : do not write the event to the log
SecFilterCheckURLEncoding (On|Off) : verifies that the URL encoding of the request is valid and rejects requests containing malformed %xx sequences (valid sequences are decoded before matching in any case)
SecFilterDebugLog logs/<filename> : write the debug log to the given file (a relative path is taken from ServerRoot)
SecFilterDebugLevel <log level (int)> :
0 : nothing is logged
1 : only significant events are logged
2~3 : progressively more detailed information is logged
SecFilter KEYWORD : matches if KEYWORD occurs anywhere in the incoming HTTP request. KEYWORD is a regular expression, so literal dots must be escaped.
ex) SecFilter "\.\./"   (blocks directory-traversal sequences; written as "../" without the escapes, the pattern would match any two characters followed by a slash)
SecFilterSelective [VARIABLES] (REGULAR|string)
Applies the pattern only to the named variables, such as a specific request header field or Apache variable (for example ARGS for the request arguments)
SecFilterSignatureAction : sets the actions for every filter that follows it, up to the next SecFilterSignatureAction,
so that a group of related filters shares one action list
A practical example
Below is a rule set that blocks cross-site scripting (XSS). It aims to:
1. Neutralize the <script> tag.
2. Neutralize javascript: and vbscript: URL schemes.
3. Neutralize attempts to read cookie information.
4. Neutralize attempts to redirect the page elsewhere.
5. Neutralize attempts to inject other source into the page from a script.
# Every filter up to the next SecFilterSignatureAction shares these actions: on a match,
# log the event with the message 'XSS attack' and block the request.
SecFilterSignatureAction "log,deny,msg:'XSS attack'"
# Filter incoming argument values containing the string "<script"
SecFilterSelective ARGS "<script"
# Filter incoming argument values containing the string "javascript:"
SecFilterSelective ARGS "javascript:"
# Filter incoming argument values containing the string "vbscript:"
SecFilterSelective ARGS "vbscript:"
# Filter incoming argument values containing the string "document.cookie"
SecFilterSelective ARGS "document.cookie"
# Filter incoming argument values containing the string "document.location"
SecFilterSelective ARGS "document.location"
# Filter incoming argument values containing the string "document.write"
SecFilterSelective ARGS "document.write"
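To see what the directives above actually do to a request, here is a small model of the mod_security 1.x matching process, written for this page as an added example (it is not mod_security's own code). It parses the directive syntax described in the directive section, then runs constructed requests through the XSS rule set above plus a SecFilter for directory traversal. The model keeps only the behaviour the page describes: keywords are regular expressions, the request is URL-decoded before matching, ARGS covers the query string plus the POST body only while SecFilterScanPOST is On, and SecFilterSignatureAction sets the actions of the rules that follow it. Three things are assumptions of the model rather than facts from the page: matching is case-insensitive, per-rule actions are layered over SecFilterDefaultAction, and only the ARGS and REQUEST_URI variables exist. The fourth sample request is the practitioner's caveat: these rules are a string blacklist, and a payload such as an onerror handler reading document['cookie'] contains none of the listed strings and passes untouched, so the rule set is a safety net, not a replacement for output encoding in the application.

```python
"""Model of how mod_security 1.x applies SecFilter / SecFilterSelective rules.

Added example, not mod_security's own code.  Behaviour kept from the page:
keywords are regexes, the request is URL-decoded before matching, ARGS covers
query string + POST body only when SecFilterScanPOST is On, and
SecFilterSignatureAction sets the actions of every rule after it.
ASSUMPTIONS: case-insensitive matching; per-rule actions layered over the
default action; only ARGS and REQUEST_URI are modelled."""
import re
import shlex
from urllib.parse import unquote_plus, urlsplit

# Constructed configuration in the page's directive syntax.
CONFIG = r'''
SecFilterEngine On
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:403"
# directory traversal: the dots are escaped because the keyword is a regex
SecFilter "\.\./"
SecFilterSignatureAction "log,deny,msg:'XSS attack'"
SecFilterSelective ARGS "<script"
SecFilterSelective ARGS "javascript:"
SecFilterSelective ARGS "vbscript:"
SecFilterSelective ARGS "document.cookie"
SecFilterSelective ARGS "document.location"
SecFilterSelective ARGS "document.write"
'''


class Rule:
    """One SecFilter (variables == []) or SecFilterSelective line."""

    def __init__(self, variables, pattern, actions):
        self.variables = variables
        self.pattern = pattern
        self.actions = actions  # None -> SecFilterDefaultAction applies
        self.regex = re.compile(pattern, re.IGNORECASE)  # ASSUMPTION: case-insensitive


def parse_actions(spec):
    """'log,deny,msg:'XSS attack'' -> {'log': True, 'deny': True, 'msg': 'XSS attack'}"""
    out = {}
    for item in spec.split(","):
        key, _, value = item.strip().partition(":")
        out[key] = int(value) if key == "status" else (value.strip("'") if value else True)
    return out


def parse_config(text):
    """Parse the directives the page describes into an engine dictionary."""
    engine = {"on": False, "scan_post": False, "rules": [],
              "default": parse_actions("deny,log,status:500")}  # page: deny returns 500 by default
    signature = None  # actions from the most recent SecFilterSignatureAction
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        directive, *args = shlex.split(line)
        if directive == "SecFilterEngine":
            engine["on"] = args[0].lower() == "on"
        elif directive == "SecFilterScanPOST":
            engine["scan_post"] = args[0].lower() == "on"
        elif directive == "SecFilterDefaultAction":
            engine["default"] = parse_actions(args[0])
        elif directive == "SecFilterSignatureAction":
            signature = parse_actions(args[0])
        elif directive == "SecFilter":
            engine["rules"].append(Rule([], args[0], signature))
        elif directive == "SecFilterSelective":
            engine["rules"].append(Rule(args[0].split("|"), args[1], signature))
    return engine


def request_variables(engine, method, uri, body=""):
    """URL-decoded views of the request; only ARGS and REQUEST_URI are modelled."""
    raw_args = urlsplit(uri).query
    if method.upper() == "POST" and engine["scan_post"]:
        raw_args = raw_args + "&" + body if raw_args else body
    # decoding happens before matching, so %3Cscript and <script look alike to a rule
    args = [unquote_plus(pair) for pair in raw_args.split("&") if pair]
    return {"ARGS": args, "REQUEST_URI": [unquote_plus(uri)]}


def evaluate(engine, method, uri, body=""):
    """Return the decision for a request: {'action': 'pass'} or a deny record."""
    if not engine["on"]:
        return {"action": "pass", "rule": None}
    variables = request_variables(engine, method, uri, body)
    for rule in engine["rules"]:
        names = rule.variables or list(variables)  # plain SecFilter looks at everything
        values = [v for name in names for v in variables.get(name, [])]
        if any(rule.regex.search(v) for v in values):
            actions = {**engine["default"], **(rule.actions or {})}
            if actions.get("pass"):
                continue
            return {"action": "deny", "status": actions.get("status", 500),
                    "msg": actions.get("msg"), "rule": rule.pattern}
    return {"action": "pass", "rule": None}


ENGINE = parse_config(CONFIG)

# Constructed requests: the first three are caught, the last one slips through.
SAMPLES = [
    ("GET", "/search?q=%3Cscript%3Ealert(1)%3C/script%3E", ""),
    ("GET", "/download?file=..%2F..%2Fetc%2Fpasswd", ""),
    ("POST", "/comment", "text=%3Cimg+src%3Dx+onerror%3Dalert(document.cookie)%3E"),
    ("POST", "/comment", "text=%3Cimg+src%3Dx+onerror%3Dalert(document%5B%27cookie%27%5D)%3E"),
]

if __name__ == "__main__":
    for method, uri, body in SAMPLES:
        print(method, uri, body or "-", "->", evaluate(ENGINE, method, uri, body))
```

Run it with python3 and compare the fourth line of output with the third: both carry the same onerror payload, but only the one spelled document.cookie matches. Re-parsing the configuration with SecFilterScanPOST Off makes the POST samples pass as well, which is why that directive belongs in any rule set that is meant to inspect form input.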