History: ModSecurity
Source of version: 20 (current)
{syntax type="markdown" editor="wysiwyg"}
# ModSecurity Configuration for Tiki

# 1. Introduction

ModSecurity is a powerful, open-source web application firewall (WAF) module that enhances security by protecting **web applications, including Tiki sites, from a wide range of threats** such as **SQL injection, cross-site scripting (XSS), and malicious bots attempting to scrape content or exploit vulnerabilities**. It operates based on predefined rules to filter and block potentially harmful requests.

This guide provides a comprehensive walkthrough for setting up and configuring ModSecurity, ensuring **optimal security while preserving Tiki's usability and functionality**.

# 2. Installation

## Step 1: Install ModSecurity

**For Apache (Debian/Ubuntu)**

{CODE(colors=>shell)}
sudo apt update
sudo apt install libapache2-mod-security2
{CODE}

## Step 2: Enable ModSecurity

Enable ModSecurity by renaming the recommended configuration file so that Apache picks it up:

{CODE(colors=>shell)}
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
{CODE}

Then, **edit the file**:

{CODE(colors=>shell)}
sudo nano /etc/modsecurity/modsecurity.conf
{CODE}

Find:

{CODE(caption=>apache)}
SecRuleEngine DetectionOnly
{CODE}

Change it to:

{CODE(caption=>apache)}
SecRuleEngine On
{CODE}

**Save and close the file.**

`DetectionOnly` logs every rule match without blocking anything, which makes it the safer setting while you tune the rules against real Tiki traffic; switch to `On` once the audit log no longer shows matches for normal use of the site.

## Step 3: Verify Installation

Check if ModSecurity is enabled:

{CODE(colors=>shell)}
sudo apachectl -M | grep security2
{CODE}

Expected output:

{CODE(colors=>shell)}
security2_module (shared)
{CODE}

If the module is not loaded, restart Apache (the Debian package normally enables the module on installation; if it is still missing afterwards, run `sudo a2enmod security2` and restart again):

{CODE(colors=>shell)}
sudo systemctl restart apache2
{CODE}

# 3. Basic Configuration

## Step 1: Enable the OWASP CRS Rules

Enable the **OWASP Core Rule Set (CRS)** (on Debian/Ubuntu the rule files come from the `modsecurity-crs` package):

{CODE(colors=>shell)}
sudo nano /etc/apache2/mods-enabled/security2.conf
{CODE}

Ensure this line is included:

{CODE(caption=>apache)}
IncludeOptional /usr/share/modsecurity-crs/*.conf
{CODE}

Restart Apache:

{CODE(colors=>shell)}
sudo systemctl restart apache2
{CODE}

## Step 2: Adjust Anomaly Scoring

Modify anomaly scoring to **reduce false positives**:

{CODE(colors=>shell)}
sudo nano /etc/modsecurity/crs/crs-setup.conf
{CODE}

Change:

{CODE(caption=>apache)}
SecAction "id:900110,phase:1,nolog,pass,t:none,setvar:tx.inbound_anomaly_score_threshold=10000"
SecAction "id:900120,phase:2,nolog,pass,t:none,setvar:tx.inbound_anomaly_score_threshold=10000"
SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.outbound_anomaly_score_threshold=10000"
{CODE}

Keep in mind what these values do: the CRS blocks a request only when the anomaly score accumulated by all matching rules reaches the threshold (the CRS defaults are 5 inbound and 4 outbound, so a single critical match is enough to block). A threshold of 10000 is never reached in practice, so with these values ModSecurity still logs every match but effectively never blocks. Use them to observe which rules fire on your site, then lower the thresholds again once the exclusions from section 4 are in place.

Restart Apache:

{CODE(colors=>shell)}
sudo systemctl restart apache2
{CODE}

# 4. Tiki-Specific Configuration

## Step 1: Handling False Positives

Exclude **static files**:

{CODE(colors=>shell)}
sudo nano /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
{CODE}

Add:

{CODE(caption=>apache)}
SecRule REQUEST_URI "\.(jpeg|jpg|gif|png|bmp|ico|css|js)$" "id:1000017,phase:1,pass,nolog,ctl:ruleEngine=Off"
{CODE}

Two things to know about this rule: `REQUEST_URI` includes the query string, so a request such as `style.css?v=3` does not match the trailing `$` (matching on `REQUEST_FILENAME`, which is the path only, covers those too), and `ctl:ruleEngine=Off` switches off all inspection for the matching request, including its response.

Allow **file uploads in Tiki**:

{CODE(caption=>apache)}
SecRule REQUEST_URI "@beginsWith /tiki-upload_file.php" "id:1000021,phase:2,pass,nolog,ctl:ruleRemoveById=200004"
{CODE}

Rule 200004 is defined in `modsecurity.conf` and flags a possible unmatched multipart boundary; this exclusion removes that single check for the upload script only, rather than disabling the engine for it.

Restart Apache:

{CODE(colors=>shell)}
sudo systemctl restart apache2
{CODE}

## Step 2: Handling Language-Specific False Positives

Some actions by users on Tiki sites may trigger alerts or blocking due to ModSecurity's filtering rules. For example, a word containing several accented characters, like **"Měšťáček"** (Czech), can be flagged as suspicious.
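The steps that follow depend on knowing which rule fired and on which Tiki script, so that the exception can be scoped to exactly that pair. The script below is an added example for this page, not tooling from Tiki or from the ModSecurity project: it summarises ModSecurity alerts from the Apache error log by rule id and URI, and turns one summary line into a rule-specific exclusion of the form used in section 4. It assumes the default Apache error-log format, in which every ModSecurity alert carries `[id "..."]` and `[uri "..."]` tags; the log lines embedded in it are constructed samples (placeholder addresses, hostnames and unique ids), and the exclusion id 1000099 it prints is a placeholder to replace with an unused id.

```shell
#!/bin/sh
# Added example: summarise ModSecurity alerts per (rule id, uri) and draft a
# narrowly scoped exclusion. Not part of Tiki or ModSecurity.
# Live use after sourcing this file:
#   sudo grep ModSecurity: /var/log/apache2/error.log | modsec_rule_summary

# Constructed sample alert lines (not real log data); IPs, hostnames,
# line numbers and unique_ids are placeholders.
SAMPLE_LOG='[Fri Mar 01 10:00:01.000001 2024] [:error] [pid 100:tid 1] [client 203.0.113.5:50000] ModSecurity: Warning. detected SQLi using libinjection [file "/usr/share/modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "tiki.example"] [uri "/tiki-editpage.php"] [unique_id "sample-1"]
[Fri Mar 01 10:00:02.000001 2024] [:error] [pid 100:tid 1] [client 203.0.113.5:50001] ModSecurity: Warning. detected SQLi using libinjection [file "/usr/share/modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "tiki.example"] [uri "/tiki-editpage.php"] [unique_id "sample-2"]
[Fri Mar 01 10:00:02.000002 2024] [:error] [pid 100:tid 1] [client 203.0.113.5:50001] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [hostname "tiki.example"] [uri "/tiki-editpage.php"] [unique_id "sample-2"]
[Fri Mar 01 10:05:00.000001 2024] [:error] [pid 101:tid 1] [client 198.51.100.7:50002] ModSecurity: Warning. Multipart parser detected a possible unmatched boundary. [file "/etc/modsecurity/modsecurity.conf"] [line "120"] [id "200004"] [msg "Multipart parser detected a possible unmatched boundary."] [severity "WARNING"] [hostname "tiki.example"] [uri "/tiki-upload_file.php"] [unique_id "sample-3"]
[Fri Mar 01 10:06:00.000001 2024] [:error] [pid 101:tid 1] [client 198.51.100.7:50003] AH01276: Cannot serve directory /var/www/tiki/: No matching DirectoryIndex'

# stdin: Apache error-log lines. stdout: "count id uri", most frequent first,
# ties broken by rule id. Non-ModSecurity lines are ignored.
modsec_rule_summary() {
  grep 'ModSecurity:' \
    | sed -n 's/.*\[id "\([0-9][0-9]*\)"\].*\[uri "\([^"]*\)"\].*/\1 \2/p' \
    | sort | uniq -c | sort -k1,1rn -k2,2n \
    | awk '{ print $1, $2, $3 }'
}

# Draft an exclusion that removes one rule for one script only.
# The CRS evaluation rules (949110 inbound, 959100 outbound, 980130
# correlation) only report that the score threshold was reached; excluding
# them would silence blocking itself, so they are refused here and the rules
# that actually raised the score should be excluded instead.
# "id:1000099" is a placeholder; choose an id not yet used on your site.
suggest_exclusion() {
  id=$1
  uri=$2
  case "$id" in
    949110|959100|980130)
      echo "# $id on $uri is a score-evaluation rule; exclude the rules that raised the score instead"
      return 1 ;;
  esac
  printf 'SecRule REQUEST_URI "@beginsWith %s" "id:1000099,phase:2,pass,nolog,ctl:ruleRemoveById=%s"\n' "$uri" "$id"
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | modsec_rule_summary | while read -r count id uri; do
  echo "$count hit(s): rule $id on $uri"
  suggest_exclusion "$id" "$uri" || true
done
```

On the sample the top line is `2 942100 /tiki-editpage.php`, which is precisely the case the exception rule in Step 2 addresses; the 949110 line is reported but deliberately not turned into an exclusion.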
To prevent such cases from causing a **500 error** or blocking the page:

1. Review the ModSecurity logs for blocked requests (the full transactions are in the audit log; the same alerts, with their rule ids, also appear in the Apache error log):

{CODE(colors=>shell)}
sudo tail -f /var/log/apache2/modsec_audit.log
{CODE}

2. Identify the specific rule blocking the request: its number is the `id` in the `[id "..."]` part of the alert.

3. Create an exception rule in `REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf`:

{CODE(caption=>apache)}
SecRule REQUEST_URI "@beginsWith /tiki-editpage.php" "id:1000022,phase:2,pass,nolog,ctl:ruleRemoveById=942100"
{CODE}

Rule 942100 is the CRS libinjection SQL injection check. Scoping its removal to `/tiki-editpage.php` keeps it active for every other script; where only one form field trips it, `ctl:ruleRemoveTargetById=942100;ARGS:<parameter name>` is narrower still, as it keeps the rule but stops it inspecting that one parameter.

4. Restart Apache (run `sudo apachectl configtest` first, so that a typo or a duplicated rule id does not take the site down with the restart):

{CODE(colors=>shell)}
sudo systemctl restart apache2
{CODE}

This ensures ModSecurity does not incorrectly block legitimate content written in different languages.

# Conclusion

This guide helps secure Tiki with ModSecurity, prevent false positives, and block malicious bots. Regularly monitor the logs and adjust the exclusion rules for usability.

{DIV(class=titlebar)}related pages{DIV}
((Security Admin))
((Advanced Settings))

{DIV(class=titlebar)}external links{DIV}
- http://www.modsecurity.org
- http://es.wikipedia.org/wiki/Mod_Security
- http://sourceforge.net/projects/mod-security/

{DIV(class=titlebar)}aliases for this page{DIV}
(alias(mod security)) | (alias(mod_security))
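Every exclusion added in section 4 ends with a restart of Apache, and ModSecurity refuses to start when a rule id is used twice or when a `SecRule` carries no id at all, so a small mistake in the exclusion file takes the whole site down. The script below is an added example for this page, not Tiki's or ModSecurity's own tooling: it checks an exclusion file for exactly those two faults before `apachectl configtest` and the restart. It assumes rules are written one per line, as in this guide, optionally continued with a trailing backslash; the sample file it builds is constructed, mirroring the guide's rules plus two deliberate mistakes, and `/tiki-example.php` in it is a placeholder path.

```shell
#!/bin/sh
# Added example: lint a ModSecurity exclusion file before restarting Apache.
# Not part of Tiki or ModSecurity. Checks for reused rule ids and for
# SecRule lines without an id, both of which make ModSecurity refuse to load.

# Constructed sample file (placeholder content, not a real site's rules):
# the guide's rules, then a reused id (1000021) and a SecRule without an id.
SAMPLE_RULES=$(mktemp)
trap 'rm -f "$SAMPLE_RULES"' EXIT
cat >"$SAMPLE_RULES" <<'EOF'
# static files
SecRule REQUEST_URI "\.(jpeg|jpg|gif|png|bmp|ico|css|js)$" "id:1000017,phase:1,pass,nolog,ctl:ruleEngine=Off"
SecRule REQUEST_URI "@beginsWith /tiki-upload_file.php" "id:1000021,phase:2,pass,nolog,ctl:ruleRemoveById=200004"
SecRule REQUEST_URI "@beginsWith /tiki-editpage.php" \
    "id:1000021,phase:2,pass,nolog,ctl:ruleRemoveById=942100"
SecRule REQUEST_URI "@beginsWith /tiki-example.php" "phase:2,pass,nolog,ctl:ruleRemoveById=942100"
EOF

# Join backslash-continued lines and drop comments and blank lines, so each
# output line is one complete directive.
modsec_logical_lines() {
  sed -e ':a' -e '/\\$/N' -e 's/\\\n[[:space:]]*/ /' -e 'ta' "$1" \
    | awk '!/^[[:space:]]*#/ && !/^[[:space:]]*$/'
}

# Print every rule id that appears more than once, one per line.
modsec_duplicate_ids() {
  modsec_logical_lines "$1" \
    | sed -n 's/.*[" ,]id:\([0-9][0-9]*\).*/\1/p' \
    | sort | uniq -d
}

# Print SecRule directives that carry no id action (rejected since ModSecurity 2.7).
modsec_rules_without_id() {
  modsec_logical_lines "$1" \
    | awk '/^[[:space:]]*SecRule/ && $0 !~ /[" ,]id:[0-9]+/'
}

# Verdict for a file: returns 0 when clean, 1 when something must be fixed.
modsec_lint() {
  status=0
  dups=$(modsec_duplicate_ids "$1")
  if [ -n "$dups" ]; then
    echo "duplicate rule id(s): $dups"
    status=1
  fi
  noid=$(modsec_rules_without_id "$1")
  if [ -n "$noid" ]; then
    echo "SecRule without an id: $noid"
    status=1
  fi
  return $status
}

# Demonstration on the constructed sample.
if modsec_lint "$SAMPLE_RULES"; then
  echo "clean: run 'sudo apachectl configtest' and then restart Apache"
else
  echo "fix the file before restarting Apache"
fi
```

Run it against the real file with `modsec_lint /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf` after sourcing the script; it complements rather than replaces `apachectl configtest`, which also catches syntax errors the lint does not look for.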