I installed mod_security 2.8.0 on Apache 2.4.7 and I loaded the basic rules proposed by SpiderLabs-OWASP. My httpd.conf:
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
<IfModule security2_module>
SecRuleEngine On
# You can download the CRS from the GitHub Repo:
# https://github.com/SpiderLabs/owasp-modsecurity-crs
Include conf/crs/modsecurity_crs_10_setup.conf
Include conf/crs/base_rules/*.conf
# My basic (stupid) TEST rule
SecRule ARGS "mod_security_test" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"
</IfModule>
If I call the URL http://www.mysecuresite.com/?test=mod_security_test I get:
Error 403 Forbidden
My rule works!
Now I want to test the most common attacks (and bad bot activity) to verify that everything is working fine.
Do you have tools or scripts that you would recommend to test the safety of the site?
Just download Kali Linux (or similar) and run a few web-based attacks against your server (you can easily Google a few how-to videos). Your error log should light up with mod_security records. Analyze the logs.
1) Make sure to run the test-attack against your server only
2) Run it from a different IP than yours. Some hosting companies are trying to prevent their users from pentesting their own servers/sites (which makes no sense to me)
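One way to do the "analyze the logs" step from the answer above, as an added example that is not part of the original post: a small parser that groups ModSecurity records in the Apache error log by rule id and by whether the request was blocked or only logged. The sample log lines, IP addresses, file paths and rule 100001 are constructed, and the `\"` escaping of quotes inside `msg` is an assumption about the log format.

```python
import re
from collections import Counter

# Constructed sample in the Apache 2.4 error-log layout ModSecurity 2.x writes.
# IPs, paths, times and rule 100001 are made up; 99999 is the test rule above.
SAMPLE_LOG = r'''
[Tue Jun 10 12:00:01.101 2014] [:error] [pid 811] [client 203.0.113.5:40112] ModSecurity: Access denied with code 403 (phase 2). Pattern match "mod_security_test" at ARGS:test. [file "/path/to/httpd.conf"] [line "11"] [id "99999"] [msg "Drive Access"] [severity "WARNING"] [hostname "www.mysecuresite.com"] [uri "/"] [unique_id "constructed-1"]
[Tue Jun 10 12:00:02.202 2014] [core:notice] [pid 800] constructed non-ModSecurity line
[Tue Jun 10 12:00:03.303 2014] [:error] [pid 812] [client 203.0.113.5:40113] ModSecurity: Warning. Pattern match "example" at ARGS:q. [file "/path/to/example.conf"] [line "1"] [id "100001"] [msg "Constructed rule with \"quotes\""] [hostname "www.mysecuresite.com"] [uri "/search"] [unique_id "constructed-2"]
[Tue Jun 10 12:00:04.404 2014] [:error] [pid 811] [client 198.51.100.7:51000] ModSecurity: Access denied with code 403 (phase 2). Pattern match "mod_security_test" at ARGS:test. [file "/path/to/httpd.conf"] [line "11"] [id "99999"] [msg "Drive Access"] [severity "WARNING"] [hostname "www.mysecuresite.com"] [uri "/"] [unique_id "constructed-3"]
'''

TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [id "..."], [msg "..."], ...
CLIENT_RE = re.compile(r'\[client (\S+?)\]')
DENY_RE = re.compile(r'ModSecurity: Access denied with code (\d+)')

def parse_line(line):
    """Return a dict for a ModSecurity record, or None for any other log line."""
    if "ModSecurity:" not in line:
        return None
    tags = {k: v.replace('\\"', '"') for k, v in TAG_RE.findall(line)}
    client = CLIENT_RE.search(line)
    deny = DENY_RE.search(line)
    host = client.group(1) if client else "-"
    if host.count(":") == 1:          # IPv4 "addr:port" as logged by Apache 2.4
        host = host.split(":")[0]
    return {"client": host,
            "id": tags.get("id", "?"),
            "msg": tags.get("msg", ""),
            "status": int(deny.group(1)) if deny else None}  # None = logged only

def summarize(log_text):
    """Count hits per (rule id, msg, blocked?) and collect client IPs per rule id."""
    hits, clients = Counter(), {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            hits[(rec["id"], rec["msg"], rec["status"] is not None)] += 1
            clients.setdefault(rec["id"], set()).add(rec["client"])
    return hits, clients

if __name__ == "__main__":
    hits, clients = summarize(SAMPLE_LOG)
    for (rule_id, msg, blocked), n in hits.most_common():
        state = "BLOCKED" if blocked else "logged"
        print(f"{n:3d}  id={rule_id}  {state:7s}  {msg}  {sorted(clients[rule_id])}")
```

Rules that show up as logged but never blocked are the ones to review: they matched, yet the request still went through.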