Mod Security Attack Protection Class Activity 2 - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Common Attack Type Protection

Now that the Core Rule Set is installed and the rule engine is turned on, your web server is ready to protect against common attack types such as XSS, SQL injection, and protocol violations.

XSS Attack

  • Open a browser and request a simulated bad page from your server with the <script> tag at the end of the URL. Such as:
  • Monitor the modsec_audit.log in the /var/log/httpd folder


  • As you can see, Mod Security blocks this request because it contains a <script> tag, which is the root of an XSS attack.


Directory Traversal Attack:

Directory traversal attacks can do a lot of damage by accessing system-related files that should not be available to web users, for example /etc/passwd or .htaccess.

  • Open a browser and attempt a simulated directory traversal using a URL like the one below.
    • http://server-ip/?../../boot


  • Monitor the modsec_audit.log in the /var/log/httpd folder
  • As you can see, Mod Security blocks the request because it contains a directory traversal.
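
An added example (not part of the original journal and not ModSecurity's own code): a small Python parser that splits modsec_audit.log into transactions and lists the client address, request line and matched rule for each, which is easier to review than the raw file for the XSS and directory traversal requests above. The sample log is constructed; it assumes the ModSecurity 2.x serial audit-log layout, and its addresses, unique IDs and rule ids are illustrative.

```python
import re

# Constructed sample (ModSecurity 2.x serial audit-log layout); values are illustrative.
SAMPLE_LOG = """\
--4f2a9c1e-A--
[12/Feb/2024:10:15:01 --0500] ZcoXAAAAAAAAAAAAAAAAAAAB 192.0.2.10 50312 192.0.2.20 80
--4f2a9c1e-B--
GET /?<script> HTTP/1.1
--4f2a9c1e-H--
Message: Access denied with code 403 (phase 2). [id "941100"] [msg "XSS Attack Detected via libinjection"]
Action: Intercepted (phase 2)
--4f2a9c1e-Z--
--7b3d0e55-A--
[12/Feb/2024:10:16:40 --0500] ZcoXZAAAAAAAAAAAAAAAAAAC 192.0.2.10 50330 192.0.2.20 80
--7b3d0e55-B--
GET /?../../boot HTTP/1.1
--7b3d0e55-H--
Message: Access denied with code 403 (phase 2). [id "930100"] [msg "Path Traversal Attack (/../)"]
Action: Intercepted (phase 2)
--7b3d0e55-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")  # --<transaction id>-<part letter>--
TAG = re.compile(r'\[(id|msg) "([^"]*)"\]')             # rule metadata inside a Message line

def summarize(parts):
    """Reduce one transaction's parts (A=header, B=request, H=trailer) to the key fields."""
    first = lambda p: next((l for l in parts.get(p, []) if l.strip()), "")
    peer = first("A").split("] ", 1)[-1].split()  # unique-id, client IP, port, server IP, port
    msgs = [dict(TAG.findall(l)) for l in parts.get("H", []) if l.startswith("Message:")]
    return {"client": peer[1] if len(peer) > 1 else None,
            "request": first("B"),
            "rules": [(m.get("id"), m.get("msg")) for m in msgs],
            "blocked": any(l.startswith("Action: Intercepted") for l in parts.get("H", []))}

def parse_audit_log(text):
    """Split a serial audit log on its part boundaries; return one dict per transaction."""
    entries, parts, current = [], {}, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if not m:
            if current:
                parts.setdefault(current, []).append(line)
        elif m.group(2) == "Z":  # part Z closes the transaction
            entries.append(summarize(parts))
            parts, current = {}, None
        else:
            current = m.group(2)
    return entries
```

To use it on the lab server, pass the contents of /var/log/httpd/modsec_audit.log to parse_audit_log. A transaction with no "Action: Intercepted" line in part H is reported with blocked set to False.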

I had issues with viewing the full logs in nano, so I went into the nano configuration file and made it so that the lines wrapped and that each line has a line number.

  • nano ~/.nanorc
    • It won't have anything in the file
  • add set softwrap and set linenumbers to the nano file


Telnet web client

As we have done the last few weeks, use telnet to connect to the web server and attempt to load the page.

Make sure to enable port 80 in the httpd.conf file to use mod_evasive, because it cannot handle SSL (which is port 443).

  • Use <script> in the GET page request parameter.
