{"id":239,"date":"2021-05-04T19:44:07","date_gmt":"2021-05-04T17:44:07","guid":{"rendered":"https:\/\/blog.exterra-services.cz\/?p=239"},"modified":"2021-05-04T19:44:08","modified_gmt":"2021-05-04T17:44:08","slug":"waf-modsecurity-apache-centos-7","status":"publish","type":"post","link":"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/","title":{"rendered":"Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity pro Apache na CentOSu 7 – instalace"},"content":{"rendered":"\n

Pro zodoln\u011bn\u00ed Apache http serveru je mo\u017eno zvolit mnoho zp\u016fsob\u016f (nap\u0159. fail2ban <\/span>IPS pro dynamickou anal\u00fdzu log\u016f a banov\u00e1n\u00ed \u00fato\u010d\u00edc\u00edch IP adres na firewalu OS). Dal\u0161\u00edm zp\u016fsobem je webov\u00fd aplika\u010dn\u00ed firewall (Web Application Firewall – WAF), kter\u00fd lze k Apache http serveru doinstalovat jako modul mod_security. Tento n\u00e1stroj um\u00ed chr\u00e1nit webov\u00fd server proti \u0161kodliv\u00e9mu k\u00f3du jako nap\u0159\u00edklad SQL injection, cross site scripting, Trojsk\u00fdm kon\u00edm, session hijackingu, atd.<\/p>\n\n\n\n

Instalace je z repozit\u00e1\u0159e jednoduch\u00e1.<\/p>\n\n\n\n

yum install mod_security.x86_64 mod_security_crs.noarch<\/pre>\n\n\n\n
V adres\u00e1\u0159i \/etc\/httpd\/conf.d najdete nov\u00fd konfigura\u010dn\u00ed soubor mod_security.conf, kde velmi doporu\u010duji nastavit parametr SecRuleEngine z hodnoty On na DetectionOnly.<\/p>\n\n\n\n
SecRuleEngine DetectionOnly <\/pre>\n\n\n\n
Touto \u00fapravou zajist\u00edte, \u017ee ModSecurity bude pouze detekovat hrozby, ale nijak do komunikace nebude zasahovat.<\/p>\n\n\n\n
Dal\u0161\u00edmi d\u016fle\u017eit\u00fdmi parametry jsou cesty k definic\u00edm pravidel pro detekci hrozeb.<\/p>\n\n\n\n
IncludeOptional modsecurity.d\/*.conf <\/code>\nIncludeOptional modsecurity.d\/activated_rules\/*.conf <\/code>\nIncludeOptional modsecurity.d\/local_rules\/*.conf<\/code><\/pre>\n\n\n\n
P\u0159ed p\u0159epnut\u00edm WAF z detek\u010dn\u00edho re\u017eimu do aktivn\u00edho doporu\u010duji ve v\u0161ech definovan\u00fdch virtu\u00e1ln\u00edch webech selektivn\u011b ModSecurity vypnout p\u0159id\u00e1n\u00edm n\u00e1sleduj\u00edc\u00ed konfigurace.<\/p>\n\n\n\n
<IfModule mod_security2.c>\nSecRuleEngine Off \n<\/IfModule><\/pre>\n\n\n\n
Odstran\u011bn\u00edm t\u00e9to \u010d\u00e1sti konfigurace postupn\u011b m\u016f\u017eete odladit chov\u00e1n\u00ed WAF a p\u0159\u00edpadn\u011b naj\u00edt „false positive“ detekce.<\/p>\n\n\n\n
Po\u010d\u00edtejte s t\u00edm, \u017ee zejm\u00e9na star\u0161\u00ed aplikace nebo aplikace „samodomo“ budou vykazovat velkou m\u00edru fale\u0161en\u00fdch pozitivit!<\/p>\n\n\n\n
K z\u00e1klad\u016fm instalace a konfigurace WAF ModSecurity existuje online ebook<\/span>.<\/p>\n","protected":false},"excerpt":{"rendered":"
Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity (mod_security) pro Apache na CentOSu 7 krok za krokem.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[5],"tags":[],"class_list":["post-239","post","type-post","status-publish","format-standard","hentry","category-technologie","entry"],"yoast_head":"\nWebov\u00fd aplika\u010dn\u00ed firewall ModSecurity pro Apache na CentOSu 7 - instalace | Coffeespot<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity pro Apache na CentOSu 7 - instalace | Coffeespot\" \/>\n<meta property=\"og:description\" content=\"Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity (mod_security) pro Apache na CentOSu 7 krok za krokem.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/\" \/>\n<meta property=\"og:site_name\" content=\"Coffeespot\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-04T17:44:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-04T17:44:08+00:00\" \/>\n<meta name=\"author\" content=\"Petr \u0160antr\u016f\u010dek\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Napsal(a)\" \/>\n\t<meta name=\"twitter:data1\" content=\"Petr \u0160antr\u016f\u010dek\" \/>\n\t<meta name=\"twitter:label2\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minuta\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/\"},\"author\":{\"name\":\"Petr \u0160antr\u016f\u010dek\",\"@id\":\"https:\/\/blog.exterra-services.cz\/#\/schema\/person\/9d7d8c191f609a8a425d4c493eeee788\"},\"headline\":\"Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity pro Apache na CentOSu 7 – instalace\",\"datePublished\":\"2021-05-04T17:44:07+00:00\",\"dateModified\":\"2021-05-04T17:44:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/\"},\"wordCount\":255,\"publisher\":{\"@id\":\"https:\/\/blog.exterra-services.cz\/#\/schema\/person\/9d7d8c191f609a8a425d4c493eeee788\"},\"articleSection\":[\"Technologie\"],\"inLanguage\":\"cs\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/\",\"url\":\"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/\",\"name\":\"Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity pro Apache na CentOSu 7 - instalace | Coffeespot\",\"isPartOf\":{\"@id\":\"https:\/\/blog.exterra-services.cz\/#website\"},\"datePublished\":\"2021-05-04T17:44:07+00:00\",\"dateModified\":\"2021-05-04T17:44:08+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.exterra-services.cz\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity pro Apache na CentOSu 7 – instalace\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.exterra-services.cz\/#website\",\"url\":\"https:\/\/blog.exterra-services.cz\/\",\"name\":\"Coffeespot\",\"description\":\"novinky z IT sv\u011bta\",\"publisher\":{\"@id\":\"https:\/\/blog.exterra-services.cz\/#\/schema\/person\/9d7d8c191f609a8a425d4c493eeee788\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.exterra-services.cz\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"cs\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/blog.exterra-services.cz\/#\/schema\/person\/9d7d8c191f609a8a425d4c493eeee788\",\"name\":\"Petr \u0160antr\u016f\u010dek\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\/\/blog.exterra-services.cz\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/154c38d0d2d25a88896d979541de331f6606987733e06f398d3552a6871e5b77?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/154c38d0d2d25a88896d979541de331f6606987733e06f398d3552a6871e5b77?s=96&d=mm&r=g\",\"caption\":\"Petr \u0160antr\u016f\u010dek\"},\"logo\":{\"@id\":\"https:\/\/blog.exterra-services.cz\/#\/schema\/person\/image\/\"},\"sameAs\":[\"http:\/\/www.exterra-services.cz\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity pro Apache na CentOSu 7 - instalace | Coffeespot","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/","og_locale":"cs_CZ","og_type":"article","og_title":"Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity pro Apache na CentOSu 7 - instalace | Coffeespot","og_description":"Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity (mod_security) pro Apache na CentOSu 7 krok za krokem.","og_url":"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/","og_site_name":"Coffeespot","article_published_time":"2021-05-04T17:44:07+00:00","article_modified_time":"2021-05-04T17:44:08+00:00","author":"Petr \u0160antr\u016f\u010dek","twitter_card":"summary_large_image","twitter_misc":{"Napsal(a)":"Petr \u0160antr\u016f\u010dek","Odhadovan\u00e1 doba \u010dten\u00ed":"1 minuta"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/#article","isPartOf":{"@id":"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/"},"author":{"name":"Petr \u0160antr\u016f\u010dek","@id":"https:\/\/blog.exterra-services.cz\/#\/schema\/person\/9d7d8c191f609a8a425d4c493eeee788"},"headline":"Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity pro Apache na CentOSu 7 – instalace","datePublished":"2021-05-04T17:44:07+00:00","dateModified":"2021-05-04T17:44:08+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/"},"wordCount":255,"publisher":{"@id":"https:\/\/blog.exterra-services.cz\/#\/schema\/person\/9d7d8c191f609a8a425d4c493eeee788"},"articleSection":["Technologie"],"inLanguage":"cs"},{"@type":"WebPage","@id":"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/","url":"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/","name":"Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity pro Apache na CentOSu 7 - instalace | Coffeespot","isPartOf":{"@id":"https:\/\/blog.exterra-services.cz\/#website"},"datePublished":"2021-05-04T17:44:07+00:00","dateModified":"2021-05-04T17:44:08+00:00","breadcrumb":{"@id":"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.exterra-services.cz\/index.php\/2021\/05\/04\/waf-modsecurity-apache-centos-7\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.exterra-services.cz\/"},{"@type":"ListItem","position":2,"name":"Webov\u00fd aplika\u010dn\u00ed firewall ModSecurity pro Apache na CentOSu 7 – instalace"}]},{"@type":"WebSite","@id":"https:\/\/blog.exterra-services.cz\/#website","url":"https:\/\/blog.exterra-services.cz\/","name":"Coffeespot","description":"novinky z IT sv\u011bta","publisher":{"@id":"https:\/\/blog.exterra-services.cz\/#\/schema\/person\/9d7d8c191f609a8a425d4c493eeee788"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.exterra-services.cz\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"cs"},{"@type":["Person","Organization"],"@id":"https:\/\/blog.exterra-services.cz\/#\/schema\/person\/9d7d8c191f609a8a425d4c493eeee788","name":"Petr \u0160antr\u016f\u010dek","image":{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/blog.exterra-services.cz\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/154c38d0d2d25a88896d979541de331f6606987733e06f398d3552a6871e5b77?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/154c38d0d2d25a88896d979541de331f6606987733e06f398d3552a6871e5b77?s=96&d=mm&r=g","caption":"Petr \u0160antr\u016f\u010dek"},"logo":{"@id":"https:\/\/blog.exterra-services.cz\/#\/schema\/person\/image\/"},"sameAs":["http:\/\/www.exterra-services.cz"]}]}},"_links":{"self":[{"href":"https:\/\/blog.exterra-services.cz\/index.php\/wp-json\/wp\/v2\/posts\/239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.exterra-services.cz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.exterra-services.cz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.exterra-services.cz\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.exterra-services.cz\/index.php\/wp-json\/wp\/v2\/comments?post=239"}],"version-history":[{"count":0,"href":"https:\/\/blog.exterra-services.cz\/index.php\/wp-json\/wp\/v2\/posts\/239\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.exterra-services.cz\/index.php\/wp-json\/wp\/v2\/media?parent=239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.exterra-services.cz\/index.php\/wp-json\/wp\/v2\/categories?post=239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.exterra-services.cz\/index.php\/wp-json\/wp\/v2\/tags?post=239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}