mod_security and Joomla 3


Adam Rifat

Mar 17, 2014, 10:43:09 AM
to joomla-de...@googlegroups.com
Hi All,

After installing mod_security and the OWASP ruleset I find that a lot of the rules are being triggered in the admin area and even on the frontend when trying to view the site (so I switched it to logging mode only).

Does anyone have any good resources they could point me to or experience in setting up mod_security for a Joomla install?

Many thanks,

Adam

Tristan Bailey

Mar 17, 2014, 5:12:19 PM
to joomla-de...@googlegroups.com
I looked at mod_security but didn't use it last year so would be interested in what you learn from it. 

Do you mean with your setup you can't use it with Joomla without a good bit more tweaking?

Tristan

---
Tristan Bailey
Freelance web developer
+ analytics and social building

--
You received this message because you are subscribed to the Google Groups "Joomla! General Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-gene...@googlegroups.com.
To post to this group, send email to joomla-de...@googlegroups.com.
Visit this group at http://groups.google.com/group/joomla-dev-general.
For more options, visit https://groups.google.com/d/optout.

Adam Rifat

Mar 18, 2014, 5:41:45 AM
to joomla-de...@googlegroups.com
No, I mean that the OWASP ModSecurity Core Rule Set (CRS) https://github.com/SpiderLabs/owasp-modsecurity-crs doesn't play that nicely with the Joomla administrator area, especially when mod_security is set to deny rather than log...

I added a simple rule to scan the contents of POST data for spammy keywords and that works fine but I'm interested in a more generic 'protection' or hardening of the app.

There are these Joomla specific rules (https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/slr_rules/modsecurity_crs_46_slr_et_joomla_attacks.conf) but in all honesty I'm not sure what they're about.

Will have to do a bit more research and learning i.e. RTFM!


Tristan Bailey

Mar 18, 2014, 9:32:12 AM
to joomla-de...@googlegroups.com
That's the direction I was thinking. That I'd like to harden it but imagine it would take work to make the rules fit or turn some off. Thanks for the links.

T

---
Tristan Bailey
Freelance web developer
+ analytics and social building
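
An added example, not part of the thread and not Joomla or CRS project code: one way to see which rules would need fitting or turning off is to tally, from the log written while mod_security is in logging-only mode, which rule ids fire under /administrator and which fire on the frontend. The log lines, rule ids and function names are constructed for illustration, and the field layout assumed is the ModSecurity 2.x Apache error-log format.

```python
import re
from collections import Counter

# Constructed sample (not real CRS output): rule ids, messages, hosts and
# client addresses are placeholders in the ModSecurity 2.x error-log layout.
SAMPLE_LOG = '''
[Mon Mar 17 10:40:01 2014] [error] [client 192.0.2.10] ModSecurity: Warning. Pattern match "<p" at ARGS:jform[articletext]. [id "100001"] [msg "Constructed rule A"] [uri "/administrator/index.php"]
[Mon Mar 17 10:41:12 2014] [error] [client 192.0.2.10] ModSecurity: Warning. Pattern match "<p" at ARGS:jform[articletext]. [id "100001"] [msg "Constructed rule A"] [uri "/administrator/index.php"]
[Mon Mar 17 10:42:30 2014] [error] [client 192.0.2.10] ModSecurity: Warning. Match at ARGS:filter. [id "100002"] [msg "Constructed rule B"] [uri "/administrator/index.php"]
[Mon Mar 17 10:43:02 2014] [error] [client 198.51.100.7] ModSecurity: Warning. Match at ARGS:q. [id "100002"] [msg "Constructed rule B"] [uri "/index.php"]
[Mon Mar 17 10:44:19 2014] [error] [client 198.51.100.7] ModSecurity: Warning. Match at REQUEST_HEADERS. [id "100003"] [msg "Constructed rule C"] [uri "/index.php"]
[Mon Mar 17 10:45:00 2014] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico
'''

# Matches the bracketed key/value fields, e.g. [id "100001"] or [uri "/x"].
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_line(line):
    """Return the bracketed fields of a ModSecurity entry, or None."""
    if "ModSecurity:" not in line:
        return None                      # ordinary Apache error, not a rule hit
    fields = dict(FIELD.findall(line))
    if "id" not in fields or "uri" not in fields:
        return None                      # incomplete entry, skip it
    return fields

def area_of(uri):
    """Classify a request path as Joomla back end or frontend."""
    path = uri.split("?", 1)[0]
    if path == "/administrator" or path.startswith("/administrator/"):
        return "administrator"
    return "frontend"

def tally(log_text):
    """Count hits per (area, rule id) across the whole log."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            counts[(area_of(entry["uri"]), entry["id"])] += 1
    return counts

def split_by_scope(counts):
    """Return (ids firing only in the admin area, ids firing in both areas)."""
    admin = {rid for (area, rid) in counts if area == "administrator"}
    front = {rid for (area, rid) in counts if area == "frontend"}
    return sorted(admin - front), sorted(admin & front)

if __name__ == "__main__":
    counts = tally(SAMPLE_LOG)
    for (area, rid), hits in sorted(counts.items()):
        print(f"{area:14} id={rid} hits={hits}")
    print("admin-only, shared:", split_by_scope(counts))
```

Ids that review confirms as false positives for the admin area can then be excluded for that path only, for instance with `SecRuleRemoveById` inside a `<Location>` block, instead of being switched off site-wide.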


Filipe Torres

Mar 22, 2016, 6:37:46 PM
to Joomla! General Development