°­ÁÂ

  • À¥¼­¹ö
  • ¾ÆÆÄÄ¡
  • ÅèÄÏ
HOME > °­ÁÂ >
°­ÁÂ| ¸®´ª½º ¹× ¿ÀǼҽº¿¡ °ü·ÃµÈ °­Á¸¦ º¸½Ç ¼ö ÀÖ½À´Ï´Ù.
 
°ø°³ À¥¹æÈ­º® Mod_Security
Á¶È¸ : 10,797  


°ø°³ À¥¹æÈ­º® Mod_Security


mod_security¶õ?

mod_security´Â À¥¾îÇø®ÄÉÀÌ¼Ç ¹æÈ­º® ÀÌ´Ù

ÇöÀç °ø°ÝÀ¯ÇüÀ» º¸¸é 70%ÀÌ»óÀÌ À¥ ¾îÇø®ÄÉÀ̼Ƿ¹º§¿¡¼­ ÀÌ·ç¾îÁö°í ÀÖÀ¸¸ç ÀÌ·¯ÇÑ

°ø°ÝÀ¸·ÎºÎÅÍ º¸´Ù ¾ÈÀüÇÏ°Ô ½Ã½ºÅÛÀÌ À¯ÁöµÉ ¼ö ÀÖµµ·Ï ÇØÁÖ´Â °ÍÀÌ mod_securityÀÌ´Ù.

ÀÌ´Â mod_security°¡ ´Ü¼ø URL »Ó ¾Æ´Ï¶ó GET, POST °ª ±×¸®°í HTTP1.1ÀÇ ½ºÆåÀ»

ºÐ¼®ÇÏ°í °Ë»çÇÒ ¼ö ÀÖ¾î ½ÇÁ¦ À¥»ó¿¡¼­ ¸í·É¾î¸¦ Ä¡°í µé¾î¿À´Â À¥ÇØÅ· ¹× Å©·¡Å·À»

¹æ¾îÇÏ´Â ¸ðµâÀÌ´Ù.



¼³Ä¡ ¹æ¹ý

¾ÆÆÄÄ¡¿¡¼­ ¼³Ä¡Çϱâ À§ÇØ °¡Àå °£´ÜÇÑ ¹æ¹ýÀº ¼Ò½º¸¦ ÄÄÆÄÀÏ ÇÏ´Â ¹æ¹ýÀÌ´Ù.

¸ÕÀú ÄÄÆÄÀÏÇϱ⿡ ¾Õ¼­ ¼Ò½º¸¦ ´Ù¿î¹ÞµðÀ§Çؼ­´Â ¾Æ·¡ URLÀÇ»çÀÌÆ®¿¡ ¹æ¹®ÇÏ¿©

´Ù¿î¹ÞÀ¸¸é µÈ´Ù .

´Ù¿î ¹ÞÀºÈÄ ¾Æ·¡¿Í °°ÀÌ ÄÄÆÄÀÏÀ» ÇÏ¸é µÈ´Ù.

$ /path/to/apache/bin/apxs -cia mod_security.c

# /path/to/apache/bin/apachectl stop

# /path/to/apache/bin/apachectl start

´Ü À©µµ¿ìÁî¿¡¼­ ¿î¿µÁßÀ̶ó¸é ¹Ì·¯ »çÀÌÆ®¿¡¼­ ¹Ì¸® ÄÄÆÄÀÏµÈ dllÀ» ´Ù¿î ¹ÞÀ¸¸é µÈ´Ù.




¼³Á¤¿¡ »ç¿ëµÇ´Â Áö½Ã¾î

SecFilterEngine (On|Off) : mod_security¿¡ ÀÇÇÑ ÇÊÅ͸¦ ½ÃÀÛÇÒÁö¿¡ ´ëÇÑ Áö½Ã¾î


SecFilterScanPOST (On|Off) : POST·Î Á¤¼ÛµÇ´Â µ¥ÀÌÅÍ¿¡ ´ëÇÑ ÇÊÅÍÀÇ »ç¿ë¿©ºÎ


SecFilterDefaultAction (pass|deny|status|redirect|exec|log|nolog)

          ÀÌ´Â ÇÊÅÍ¿¡ ÀÇÇØ °ËÃâÀÌ µÈ °æ¿ì ±âº»ÀûÀ¸·Î ¾î¶»°Ô ó¸®ÇÒÁö¿¡ÇÑ Áö½ÃÀÌ´Ù .

                    pass : °ËÃâµÇ¾îµµ ÇÊÅ͸µ ÇÏÁö ¸»°í Åë°ú

                    deny : °ËÃâµÇ¸é ¿äû °ÅºÎ (±âº»ÀûÀ¸·Î 500¿¡·¯ ¸®ÅÏ)

                    status : °ËÃâµÇ°Å³ª ±âŸ À̺¥Æ®¹ß»ý½Ã ¹ÝȯÇÒ ¿¡·¯

                    redirect : °ËÃâµÇ°Å³ª ±âŸ À̺¥Æ®¹ß»ý½Ã ¸®´ÙÀÌ·ºÆ® ½ÃÅ´

                    exec : °ËÃâµÇ°Å³ª ±âŸ À̺¥Æ®¹ß»ý½Ã ½ÇÇàÇÒ CGI

                    log : ·Î±×¸¦ ³²±è

                    nolog : ·Î±×¸¦ ³²±âÁö¾ÊÀ½


SecFilterCheckURLEncoding (On|Off) ÀÎÄÚµùµÈ ¹®ÀÚ¿­À» ±âÁ¸ÀÇ ¹®ÀÚ¿­·Î ¹Ýȯ


SecFilterDebugLog logs <filename> : ÇØ´ç ÆÄÀϸíÀ¸·Î ·Î±×³²±è


SecFilterDebugLevel <log level (int)> : 

                    0À¸·Î ¼³Á¤ÇÏ¸é ·Î±×°¡ ³²Áö ¾ÊÀ½

                    1. Ä¡¸íÀûÀÎ ·Î±×¸¦ ³²±â¸ç

                    2~3 À¸·Î°¥¼ö·Ï ÀÚ¼¼ÇÑ Á¤º¸¸¦ ³²±è

                    SecFilter KEYWORD : HTTP¿äûÀ¸·Î µé¾î¿À´Â ÆÐŶ¿¡¼­ KEYWORD¿¡ ÇØ´çÇÏ´Â ¿äûÀÌÀÖÀ¸¸é °ËÃâÇÔ

                    ex) SecFilter ¡°../

SecFilterSelective [VARIABLES]  (REGULAR|string)

                    À¥Çì´õÀÇ Æ¯Á¤ Çʵ峪 ƯÁ¤¾ÆÆÄÄ¡ º¯¼öÀÇ °ªÀ» °ËÃâÇÒ ¼ö ÀÖÀ½


SecFilterSignatureAction : ´ÙÀ½ ÇØ´ç Áö½Ã¾î°¡³ª¿Ã¶§±îÁö ÇϳªÀÇ Ã¼ÀÎÀ» ±¸¼º

                    ÇØ´çüÀο¡ ´ëÇÑ ÇÊÅÍ ¾×¼±À» ÁöÁ¤ÇÒ¼ö ÀÖÀ½




½ÇÁ¦ »ç¿ëµÇ´Â ¿¹Á¦

¾Æ·¡¿¡¼­ Å©·Î½º »çÀÌÆ®½ºÅ©¸³Æ®¸¦ Â÷´ÜÇÏ´Â ·êÀ» Â÷´ÜÇغ¸°Ù´Ù


1. <script> ¶ó´Â ű׸¦ ¹«·ÂÈ­½ÃŲ´Ù.

2. javacript, vbscriptÀÇ Áö½Ã¾î¸¦ ¹«·ÂÈ­½ÃŲ´Ù.

3. ÄíÅ°Á¤º¸¸¦ ¿­¶÷ÇÏ´Â °ÍÀ» ¹«·ÂÈ­½ÃŲ´Ù.

4. ÇØ´ç ÆäÀÌÁö¸¦ ´Ù¸¥ ÆäÀÌÁö·Î ¸®´ÙÀÌ·ºÆ® ÇÏ´Â °ÍÀ» ¹«·ÂÈ­½ÃÅ°´Ù

5. ÇØ´çÆäÀÌÁö¿¡ ½ºÅ©¸³Æ®·Î ´Ù¸¥ ¼Ò½º¸¦ »ðÀÔÇÏ´Â °ÍÀ» ¹«·ÂÈ­½ÃŲ´Ù.



# ÇØ´ç Áö½Ã¾î°¡ ´Ù½Ã ³ª¿Ã¶§±îÁö üÀÎÀ» ±¸¼ºÇϸç ÇÊÅ͸µ½Ã XSS attackÀ̶ó´Â

# ·Î±×¸¦ ³²±â¸ç ÇÊÅ͸µ½Ã Â÷´ÜÀ» Ç϶ó.

SecFilterSignatureAction "log,deny,msg:'XSS attack'"

# ³Ñ¾î¿À´Â °ªÁß¿¡ ¡°<script¡°¶ó´Â ¹®ÀÚ¸¦ ÇÊÅ͸µÇ϶ó

SecFilterSelective ARGS "<script"

# ³Ñ¾î¿À´Â °ªÁß¿¡ "javascript:"¹®ÀÚ¸¦ ÇÊÅ͸µÇ϶ó

SecFilterSelective ARGS "javascript:"

# ³Ñ¾î¿À´Â °ªÁß¿¡ "vbscript:"¹®ÀÚ¸¦ ÇÊÅ͸µÇ϶ó

SecFilterSelective ARGS "vbscript:"

# ³Ñ¾î¿À´Â °ªÁß¿¡ "document.cookie"¹®ÀÚ¸¦ ÇÊÅ͸µÇ϶ó

SecFilterSelective ARGS "document.cookie"

# ³Ñ¾î¿À´Â °ªÁß¿¡ "document.location"¹®ÀÚ¸¦ ÇÊÅ͸µÇ϶ó

SecFilterSelective ARGS "document.location"

# ³Ñ¾î¿À´Â °ªÁß¿¡ "document.write" ¹®ÀÚ¸¦ ÇÊÅ͸µÇ϶ó

SecFilterSelective ARGS "document.write"

[¿ø±Û¸µÅ©] : https://www.linux.co.kr/home2/board/subbs/board.php?bo_table=lecture&wr_id=1496


ÀÌ ±ÛÀ» Æ®À§ÅÍ·Î º¸³»±â ÀÌ ±ÛÀ» ÆäÀ̽ººÏÀ¸·Î º¸³»±â ÀÌ ±ÛÀ» ¹ÌÅõµ¥ÀÌ·Î º¸³»±â

 
ÀÌÀç¼®
º»¸í : ÀÌÀç¼®
e-mail : locli¾Üsuperuser.co.kr
¼Ò¼Ó : (ÁÖ)¼öÆÛÀ¯ÀúÄÚ¸®¾Æ