CSPF develops custom ModSecurity rules for public use

By | May 9, 2015

CSPF has developed ModSecurity rules that can protect servers from malicious hackers. They were written by Mr. Manish Tanwar and Mr. Suriya Prakash.

Though the OWASP CRS covers a lot of vulnerabilities, it does not protect against most backdoors and the latest bypasses.

The other rule sets that are available are commercial in nature. So CSPF is developing a growing set of rules to protect against the latest bypasses and backdoors and releasing them publicly for all to use.

The rules that we have provided can be easily expanded manually to suit your own needs.

The video below will show how to enable these rules and also show a small demo of their functions.

The ModSecurity rules can be downloaded here:

The rules are currently able to:

  • Block sensitive files/folders from being accessed
  • Block b374k shell variants
  • Block some common well-known shells
  • Disable directory listing and phpinfo
  • Block SQL injection
    • Normal SQL Injection
    • Blind and Time Based SQL injection
    • All types of SQLi


How to use it?

Install ModSecurity.

Place the custom rules in a file,

e.g. /etc/httpd/msec/created/cus.conf

Then edit httpd.conf or apache.conf (depending on the OS),

e.g. /etc/httpd/conf/httpd.conf

Add lines like this (the include paths are relative to ServerRoot, /etc/httpd in this example):
==============================================
<IfModule security2_module>
include msec/modsecuritydefault.conf
include msec/created/cus.conf
</IfModule>
==============================================

Then restart the server.
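
The CSPF rule file itself is not reproduced on this page. As an added illustration that is not taken from that file, a `cus.conf` covering three of the categories listed above could look like the following; the rule ids, file patterns and messages are assumptions chosen for the example.

```apache
# Added illustration -- NOT the CSPF rule file.
# Rule ids 10001-10004 are arbitrary picks from the 1-99,999 range
# that ModSecurity reserves for local rules (assumption: no clash with yours).
# Assumes msec/modsecuritydefault.conf already sets SecRuleEngine On and
# SecRequestBodyAccess On.

# Phase 4 rules can only inspect responses when body access is enabled.
SecResponseBodyAccess On

# 1. Sensitive files/folders: VCS metadata, dotfiles and editor/backup copies.
#    REQUEST_FILENAME excludes the query string, so the "$" anchor is reliable.
SecRule REQUEST_FILENAME "@rx (?i)(?:/\.(?:git|svn|env|ht)|\.(?:bak|old|sql|swp)$)" \
    "id:10001,phase:1,t:none,t:urlDecodeUni,t:normalizePath,\
    deny,status:403,log,msg:'Access to sensitive file or folder'"

# 2. Directory listing: catch Apache's autoindex page on the way out, so the
#    listing is withheld even if Options Indexes is enabled somewhere.
SecRule RESPONSE_BODY "@rx <title>Index of /" \
    "id:10002,phase:4,t:none,deny,status:403,log,msg:'Directory listing blocked'"

# 3. phpinfo(): same approach, matched on the page title phpinfo() emits.
SecRule RESPONSE_BODY "@rx (?i)<title>phpinfo\(\)</title>" \
    "id:10003,phase:4,t:none,deny,status:403,log,msg:'phpinfo() output blocked'"

# 4. SQL injection: libinjection-based detection (ModSecurity 2.7.4+),
#    applied to request parameters and cookie values.
SecRule ARGS|REQUEST_COOKIES "@detectSQLi" \
    "id:10004,phase:2,t:none,t:urlDecodeUni,\
    deny,status:403,log,msg:'SQL injection detected by libinjection'"
```

Running `apachectl configtest` before the restart catches a syntax error in the rule file before it can stop the server from starting. After the restart, a request matching one of these rules should return 403 and leave a ModSecurity entry with the rule id in the Apache error log.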

——————————————————————————————–

Files:

Usage Video:

https://drive.google.com/file/d/0BwjcnnWhy4E3UkZwckV1UGM0SE0/view?usp=sharing

Custom Modsecurity Rule:

https://drive.google.com/file/d/0BwjcnnWhy4E3R1Y5T3ozTTJsS1k/view?usp=sharing

Custom Modsecurity Rules(Windows View):

https://drive.google.com/file/d/0BwjcnnWhy4E3cDhqWDQwbURMN0k/view?usp=sharing
