Apache mod_security: test common attacks

Simone Nigro · Apr 25, 2014 · Viewed 8.8k times

I installed mod_security 2.8.0 on Apache 2.4.7 and I loaded the basic rules proposed by SpiderLabs-OWASP. My httpd.conf:

LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so

<IfModule security2_module>
    SecRuleEngine On

    # You can download the CRS from the GitHub Repo:
    # https://github.com/SpiderLabs/owasp-modsecurity-crs
    Include conf/crs/modsecurity_crs_10_setup.conf
    Include conf/crs/base_rules/*.conf

    # My basic (stupid) TEST rule
    SecRule ARGS "mod_security_test" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"
</IfModule>

If I call the URL: http://www.mysecuresite.com/?test=mod_security_test

Error 403 Forbidden

My rule works!!

Now I want to test the most common attacks (and bad bot activity) to verify that everything is working fine.

Do you have tools or scripts that you would recommend to test the safety of the site?

Answer

Milan · Dec 8, 2017

Just download Kali Linux (or similar) and run a few web-based attacks against your server (you can easily Google a few how-to videos). Your error log should light up with mod security records. Analyze the logs.

1) Make sure to run the test-attack against your server only

2) Run it from a different IP than yours. Some hosting companies try to prevent their users from pentesting their own servers/sites (which makes no sense to me)
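
As an added example (not part of the original answer), here is a Python parser for the "analyze the logs" step: it counts ModSecurity records per rule id and separates blocked requests from matches that were only logged. The sample lines are constructed in the ModSecurity 2.x / Apache 2.4 error-log layout; rule id 100001, the client addresses, the file path and the unique_id values are placeholders.

```python
import re
from collections import Counter

# Constructed sample lines (Apache 2.4 / ModSecurity 2.x error-log layout).
# Addresses, paths, unique_id values and rule 100001 are placeholders.
SAMPLE_LOG = r'''
[Fri Apr 25 10:12:01.123456 2014] [:error] [pid 1234:tid 5678] [client 203.0.113.5:51234] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "mod_security_test" at ARGS:test. [file "/path/to/httpd.conf"] [line "19"] [id "99999"] [msg "Drive Access"] [severity "WARNING"] [hostname "www.mysecuresite.com"] [uri "/"] [unique_id "PLACEHOLDER-1"]
[Fri Apr 25 10:12:02.000001 2014] [core:notice] [pid 1234:tid 5678] AH00094: Command line: 'httpd'
[Fri Apr 25 10:12:05.222222 2014] [:error] [pid 1234:tid 5679] [client 203.0.113.5:51240] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "mod_security_test" at ARGS:test. [file "/path/to/httpd.conf"] [line "19"] [id "99999"] [msg "Drive Access"] [severity "WARNING"] [hostname "www.mysecuresite.com"] [uri "/"] [unique_id "PLACEHOLDER-2"]
[Fri Apr 25 10:12:07.654321 2014] [:error] [pid 1234:tid 5680] [client 198.51.100.7:40022] [client 198.51.100.7] ModSecurity: Warning. Pattern match "x" at ARGS:q. [file "/path/to/rules.conf"] [line "7"] [id "100001"] [msg "Constructed \"detect-only\" rule"] [tag "constructed"] [hostname "www.mysecuresite.com"] [uri "/"] [unique_id "PLACEHOLDER-3"]
'''

# [key "value"] metadata fields; values may contain backslash-escaped quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
DENIED = re.compile(r'ModSecurity: Access denied with code (\d+) \(phase (\d)\)')
CLIENT = re.compile(r'\[client ([^\]\s:]+)')  # assumes IPv4 client addresses

def parse_record(line):
    """Return a dict for a ModSecurity record, or None for any other log line."""
    if "ModSecurity:" not in line:
        return None
    body = line.partition("ModSecurity:")[2]
    rec = {"tags": []}
    for key, value in FIELD.findall(body):
        if key == "tag":
            rec["tags"].append(value)   # a record can carry several tags
        else:
            rec.setdefault(key, value)
    denied = DENIED.search(line)
    rec["blocked"] = denied is not None  # "Warning." records are not blocked
    rec["status"] = int(denied.group(1)) if denied else None
    client = CLIENT.search(line)
    rec["client"] = client.group(1) if client else None
    return rec

def summarize(log_text):
    """Count hits per (rule id, msg, blocked) so detect-only rules stand out."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec:
            hits[(rec.get("id"), rec.get("msg"), rec["blocked"])] += 1
    return hits

if __name__ == "__main__":
    for (rule_id, msg, blocked), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  id={rule_id}  {'BLOCKED' if blocked else 'logged only'}  {msg}")
```

A rule that shows up only as "logged only" matched but did not stop the request, which is worth checking against the `SecRuleEngine` setting and the rule's actions.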