
History: ModSecurity

Source of version: 19 (current)

! ModSecurity Configuration for Tiki

! 1. Introduction
ModSecurity is a powerful, open-source web application firewall (WAF) module that enhances security by protecting __web applications, including Tiki sites, from a wide range of threats__ such as __SQL injection, cross-site scripting (XSS), and malicious bots attempting to scrape content or exploit vulnerabilities__. It operates based on predefined rules to filter and block potentially harmful requests. This guide provides a comprehensive walkthrough for setting up and configuring ModSecurity, ensuring __optimal security while preserving Tiki's usability and functionality__.


! 2. Installation
!! Step 1: Install ModSecurity
__For Apache (Debian/Ubuntu)__
{CODE(colors=>lua)}
sudo apt update
sudo apt install libapache2-mod-security2
{CODE}

!! Step 2: Enable ModSecurity
Enable ModSecurity by copying the recommended configuration file:
{CODE(colors=>lua)}
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
{CODE}
Then, __edit the file__:
{CODE(colors=>lua)}
sudo nano /etc/modsecurity/modsecurity.conf
{CODE}
Find:
{CODE(caption=>apache)}
SecRuleEngine DetectionOnly
{CODE}
Change it to:
{CODE(caption=>apache)}
SecRuleEngine On
{CODE}
__Save and close the file.__

!! Step 3: Verify Installation
Check if ModSecurity is enabled:
{CODE(colors=>lua)}
sudo apachectl -M | grep security2
{CODE}
Expected output:
{CODE(colors=>lua)}
 security2_module (shared)
{CODE}
If the module is not loaded, restart Apache:
{CODE(colors=>lua)}
sudo systemctl restart apache2
{CODE}


! 3. Basic Configuration
!! Step 1: Enable the OWASP CRS Rules
Enable the __OWASP Core Rule Set (CRS)__:
{CODE(colors=>lua)}
sudo nano /etc/apache2/mods-enabled/security2.conf
{CODE}
Ensure this line is included:
{CODE(caption=>apache)}
IncludeOptional /usr/share/modsecurity-crs/*.conf
{CODE}
Restart Apache:
{CODE(colors=>lua)}
sudo systemctl restart apache2
{CODE}

!! Step 2: Adjust Anomaly Scoring
Modify anomaly scoring to __reduce false positives__:
{CODE(colors=>lua)}
sudo nano /etc/modsecurity/crs/crs-setup.conf
{CODE}
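Set the anomaly score thresholds. The CRS defaults are 5 (inbound) and 4 (outbound); at 10000, requests are effectively never blocked on anomaly score, so treat this value as a tuning aid and lower it again once the false positives have been handled with exclusion rules: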
{CODE(caption=>apache)}
SecAction "id:900110,phase:1,nolog,pass,t:none,setvar:tx.inbound_anomaly_score_threshold=10000"
SecAction "id:900120,phase:2,nolog,pass,t:none,setvar:tx.inbound_anomaly_score_threshold=10000"
SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.outbound_anomaly_score_threshold=10000"
{CODE}
Restart Apache:
{CODE(colors=>lua)}
sudo systemctl restart apache2
{CODE}


! 4. Tiki-Specific Configuration
!! Step 1: Handling False Positives
Exclude __static files__:
{CODE(colors=>lua)}
sudo nano /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
{CODE}
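Add the following rule. It matches on REQUEST_FILENAME, the request path without the query string, so that only the path of a static file can switch the rule engine off for a request:
{CODE(caption=>apache)}
SecRule REQUEST_FILENAME "\.(jpeg|jpg|gif|png|bmp|ico|css|js)$" "id:1000017,phase:1,pass,nolog,ctl:ruleEngine=Off"
{CODE}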

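Allow __file uploads in Tiki__ by removing rule 200004 (the multipart unmatched-boundary check from modsecurity.conf) for the upload script only. The exclusion runs in phase 1 so that it is applied before any phase 2 rule, including 200004, is evaluated:
{CODE(caption=>apache)}
SecRule REQUEST_URI "@beginsWith /tiki-upload_file.php" "id:1000021,phase:1,pass,nolog,ctl:ruleRemoveById=200004"
{CODE}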
Restart Apache:
{CODE(colors=>lua)}
sudo systemctl restart apache2
{CODE}

!! Step 2: Handling Language-Specific False Positives
Some actions by users on Tiki sites may trigger alerts or blocking due to ModSecurity's filtering rules. For example, words with multiple accented characters in a single word, like __"Měšťáček"__ (Czech), can be flagged as suspicious.

To prevent such cases from causing a __500 error__ or blocking the page:

!!! Review ModSecurity logs for blocked requests:
   {CODE(colors=>lua)}
   sudo tail -f /var/log/apache2/modsec_audit.log
   {CODE}
!!! Identify the specific rule blocking the request.
!!! Create an exception rule in -+REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf+-.
   {CODE(caption=>apache)}
   SecRule REQUEST_URI "@beginsWith /tiki-editpage.php" "id:1000022,phase:2,pass,nolog,ctl:ruleRemoveById=942100"
   {CODE}
!!! Restart Apache:
   {CODE(colors=>lua)}
   sudo systemctl restart apache2
   {CODE}

This ensures ModSecurity does not incorrectly block legitimate content written in different languages.
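
One way to carry out the "identify the specific rule" step above, as an added example that is not part of the original page or of Tiki or ModSecurity. It assumes the audit log is in the serial format with parts B and H enabled; the function names and the sample entries are constructed for illustration.

```shell
# Added example: count (request path, rule id) pairs in a serial-format
# ModSecurity audit log to find the id for a ctl:ruleRemoveById exclusion.
summarise_audit_log() {
    awk '
        /^--[0-9a-zA-Z]+-[A-Z]--$/ {            # section boundary, e.g. --tx-B--
            section = substr($0, length($0) - 2, 1)
            if (section == "A") path = "?"       # new transaction
            first = 1; next
        }
        section == "B" && first {                # request line: METHOD URI PROTO
            first = 0; path = $2
            sub(/\?.*/, "", path); next          # drop the query string
        }
        section == "H" && /^Message: / {         # one Message line per matched rule
            line = $0
            while (match(line, /\[id "[0-9]+"\]/)) {
                count[path " " substr(line, RSTART + 5, RLENGTH - 7)]++
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { for (k in count) print count[k], k }
    ' "$1" | sort -k1,1nr -k2,2 -k3,3n
}

write_sample_log() {   # constructed sample entries, trimmed to parts A, B, H, Z
    cat > "$1" <<'EOF'
--aaaa0001-A--
--aaaa0001-B--
POST /tiki-editpage.php?page=Test HTTP/1.1
--aaaa0001-H--
Message: Warning. detected SQLi using libinjection. [id "942100"] [severity "CRITICAL"]
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded"]
--aaaa0001-Z--
--aaaa0002-A--
--aaaa0002-B--
POST /tiki-editpage.php?page=HomePage HTTP/1.1
--aaaa0002-H--
Message: Warning. detected SQLi using libinjection. [id "942100"] [severity "CRITICAL"]
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded"]
--aaaa0002-Z--
--aaaa0003-A--
--aaaa0003-B--
POST /tiki-upload_file.php HTTP/1.1
--aaaa0003-H--
Message: Access denied with code 403 (phase 2). [id "200004"] [msg "Multipart parser detected a possible unmatched boundary."]
--aaaa0003-Z--
EOF
}
if [ "$#" -gt 0 ]; then summarise_audit_log "$1"; fi
```

Each output line is a count, a request path and a rule id. Rule 949110 is the CRS anomaly-score evaluation rule, so the id to put in an exclusion is the detection rule listed for the same path (942100 in the sample).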

! Conclusion
This guide helps secure Tiki with ModSecurity, prevent false positives, and block malicious bots. Regularly monitor logs and adjust exclusion rules for usability.



-=related pages=-
((Security Admin))
((Advanced Settings))

-=external links=-
* http://www.modsecurity.org
* http://es.wikipedia.org/wiki/Mod_Security 
* http://sourceforge.net/projects/mod-security/

-=aliases for this page=-
(alias(mod security)) | (alias(mod_security))