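1. On Windows, installing the binary release is the simpler option; installing from source requires compilation and is not covered here.
2. First, download mod_security-2.5.12-win32.zip. This version supports Apache 2.2.x.
3. In the modules folder of the Apache installation directory, create a new folder named mod_security2. Extract mod_security-2.5.12-win32.zip and copy mod_security2.so, libxml2.dll and pcre.dll into the mod_security2 folder.
4. Because the module was compiled with Visual Studio 2008, Visual C++ 2008 must be installed. If you do not have it, download and install it directly from the Microsoft website: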
www.microsoft.com/downloads/details.aspx?FamilyID=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF&displaylang=en
5. Add the following to httpd.conf:
LoadModule security2_module modules/mod_security2/mod_security2.so
# Enable the module unique_id by uncommenting:
LoadModule unique_id_module modules/mod_unique_id.so
# Configuration: see the included documentation
# A very quick start:
SecRuleEngine On
SecDefaultAction log,auditlog,deny,status:403,phase:2,t:lowercase,t:replaceNulls,t:compressWhitespace
SecAuditEngine RelevantOnly
SecAuditLogType Serial
SecAuditLog logs/mod_security2.log
## -- General rules --------------------
SecRule ARGS "c:/" t:normalisePathWin
SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"
SecRule ARGS "d:/" t:normalisePathWin
## -- phpBB attack --------------------
SecRule ARGS:highlight "(\x27|%27|\x2527|%2527)"
6. Restart Apache and check that mod_security is working:
Visit your site as follows: http://www.xxxx.com/?abc=../../
The page should be refused, with the following message:
Forbidden
You don't have permission to access .. on this server.
This is because the request triggered this rule from the configuration above: SecRule ARGS "\.\./" t:normalisePathWin
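
To confirm from logs/mod_security2.log that the 403 came from ModSecurity and to see which rule fired, the following added example (not part of the original tutorial) parses a Serial-format audit log. The sample log is constructed, the escaped form of the pattern in its Message lines is an assumption, and parse_audit_log and the fields it returns are hypothetical names.

```python
import re

# Constructed sample in Serial audit-log layout (ids, addresses, path, line numbers made up).
SAMPLE_LOG = r'''--4f1a2b3c-A--
[28/Mar/2010:10:15:32 +0800] TXID0000000000000000001 192.0.2.10 51234 192.0.2.1 80
--4f1a2b3c-B--
GET /?abc=../../ HTTP/1.1
--4f1a2b3c-H--
Message: Access denied with code 403 (phase 2). Pattern match "\\.\\./" at ARGS:abc. [file "C:/Apache2.2/conf/httpd.conf"] [line "500"] [id "99999"] [msg "Drive Access"] [severity "WARNING"]
Action: Intercepted (phase 2)
--4f1a2b3c-Z--
--9e8d7c6b-A--
[28/Mar/2010:10:16:02 +0800] TXID0000000000000000002 192.0.2.10 51240 192.0.2.1 80
--9e8d7c6b-B--
GET /?dir=C:/ HTTP/1.1
--9e8d7c6b-H--
Message: Access denied with code 403 (phase 2). Pattern match "c:/" at ARGS:dir. [file "C:/Apache2.2/conf/httpd.conf"] [line "499"]
Action: Intercepted (phase 2)
--9e8d7c6b-Z--
'''

BOUNDARY = re.compile(r'^--[0-9a-fA-F]+-([A-Z])--$')   # --<id>-<part letter>--
TARGET = re.compile(r'" at (\S+?)\.(?:\s|$)')           # variable that matched
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')      # [name "value"] metadata

def parse_audit_log(text):
    """Return one dict per transaction: request line, block status, rule hits."""
    entries, cur, part = [], None, None
    for line in text.splitlines():
        b = BOUNDARY.match(line)
        if b:
            part = b.group(1)
            if part == 'A':                        # part A opens a transaction
                cur = {'request': None, 'intercepted': False, 'hits': []}
            elif part == 'Z' and cur is not None:  # part Z closes it
                entries.append(cur)
                cur = None
        elif cur is None:
            continue
        elif part == 'B' and cur['request'] is None and line:
            cur['request'] = line                  # first line of part B
        elif part == 'H' and line.startswith('Message: '):
            m, tags = TARGET.search(line), dict(TAG.findall(line))
            # Rules written without id/msg are only locatable by config line number.
            cur['hits'].append({'id': tags.get('id'), 'msg': tags.get('msg'),
                                'line': tags.get('line'), 'target': m.group(1) if m else None})
        elif part == 'H' and line.startswith('Action: Intercepted'):
            cur['intercepted'] = True
    return entries
```

Of the four rules in the configuration above, only the "\.\./" rule carries an id and msg, so hits from the others come back with id None and have to be traced through the line field.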