Mod_Security Attack Protection Class Activity 2 - savannahc502/SavC-TechJournal-SEC260 GitHub Wiki

Introduction

Part One of Lab: Apache Mod_Security Configuration Class Activity 1

  • Now my web server is ready to protect against common attack types like XSS, SQL Injection, Protocol Violation, etc., as I have installed the Core Rules and turned on the Rule Engine.

This lab runs three types of attacks against my web server to test its security after installing Mod Security.


XSS (Cross-Site Scripting) Attack

First, run the same type of XSS Attack from the previous lab. This is a test attack that should not bring harm to the web server, but should trigger a 403 Forbidden Error now that the server is more secure.


  • https://10.0.17.103/??<script>XSS_Attack</script>

I can monitor the modsec_audit.log in the /var/log/httpd folder to see the request, the blocking of the request, and why the request was blocked.



Directory Traversal Attack

"Directory traversal attacks can create a lot of damage by accessing system related files that should not be available to web users. For example /etc/passwd, .htaccess, etc."

  • Open a browser and attempt a simulated directory traversal using a URL like the one below.
http://server-ip/?../../boot


  • This simulated attack worked in the first part of the lab, but now it is blocked!

Monitor the modsec_audit.log in the /var/log/httpd folder:
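
For both the XSS and directory traversal checks above, the audit log can be summarized with a small parser. This is an added example, not part of the original lab; it assumes the ModSecurity 2.x serial audit log layout (sections A, B, F, H, Z), and the sample entry, client address, rule file path, rule id and message are constructed placeholders.

```python
import re

# Constructed sample entry (placeholder id/msg/path; not taken from the lab server).
SAMPLE = """\
--1a2b3c4d-A--
[01/Jan/2024:10:00:00 +0000] ZZexample0000000000000001 10.0.17.50 51234 10.0.17.103 443
--1a2b3c4d-B--
GET /??%3Cscript%3EXSS_Attack%3C/script%3E HTTP/1.1
Host: 10.0.17.103
--1a2b3c4d-F--
HTTP/1.1 403 Forbidden
--1a2b3c4d-H--
Message: Access denied with code 403 (phase 2). [file "/path/to/rules.conf"] [id "999999"] [msg "constructed XSS rule message"]
Action: Intercepted (phase 2)
--1a2b3c4d-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")  # e.g. --1a2b3c4d-H--
TAG = re.compile(r'\[(id|msg) "([^"]*)"\]')              # rule id and message tags

def parse_audit_log(text):
    """Return one dict per transaction: client, request line, status, blocked, rules."""
    entries, cur, section, first = [], None, None, False
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section, first = m.group(2), True
            if section == "A":      # A opens a new transaction
                cur = {"client": None, "request": None, "status": None, "blocked": False, "rules": []}
            elif section == "Z" and cur is not None:  # Z closes it
                entries.append(cur)
                cur = None
            continue
        if cur is None or not line.strip():
            continue
        if section == "A" and first:
            # [timestamp] unique_id client_ip client_port server_ip server_port
            cur["client"] = line.split("] ", 1)[1].split()[1]
        elif section == "B" and first:
            cur["request"] = line                    # request line as received
        elif section == "F" and first:
            cur["status"] = int(line.split()[1])     # response status code
        elif section == "H" and line.startswith("Message:"):
            cur["rules"].append(dict(TAG.findall(line)))
        elif section == "H" and line.startswith("Action: Intercepted"):
            cur["blocked"] = True
        first = False
    return entries
```

Pass it the contents of /var/log/httpd/modsec_audit.log to list which requests were intercepted and which rule messages explain each block.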



Telnet Web Client

Rocky Install of Telnet:

yum install telnet

Kali Install of Telnet:

sudo apt update
sudo apt install telnet

Use telnet to connect to the web server and attempt to load the page, but also include a <script> in the GET page request parameter.

  • Make sure that Listen 80 is not commented out in the /etc/httpd/conf/httpd.conf configuration. Run sudo systemctl restart httpd after any configuration change!
