بحث متقدم | التسجيل
الويب العربي
  تسجيل دخول
 
   
   

  ملاحظة
الموقع متاح للإطلاع والقراءة فقط، المشاركة والمواضيع الجديدة غير متاحة حالياً لحين تطوير الموقع.




الموقع متاح للإطلاع والقراءة فقط، المشاركة والمواضيع الجديدة غير متاحة حالياً لحين تطوير الموقع.

عـودة للخلف   الويب العربي المركز التعليمي المجاني أمن المعلومات
تحديث الصفحة مجموعة قوانين للمود سيكورتي rule for Mod_Security

أمن المعلومات مقالات, أخبار, مواضيع حول أمن المعلومات, وحماية أنظمة التشغيل, الشبكات, المواقع, البيانات السرية.

موضوع مغلق اضف موضوع جديد
 
خيارات الموضوع طريقة العرض
  #1  
قديم 18-08-2008, 01:27 PM
best-7ost.com best-7ost.com غير متصل
عضو
  
تاريخ التسجيل: Feb 2008
مشاركة: 126
مستوى تقييم العضوية: 18
best-7ost.com is on a distinguished road
الافتراضي
معلش اش رايك بهذي القوانين ايهم افضل ؟؟؟؟

إقتباس:

<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature "Modelayer.Com"


# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# The audit engine works independently and
# can be turned On of Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog logs/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:400"

# # ## ## ## ## ## ## ## ## ##
# # ## ## ## ## ## ## ## ## ##

# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"



# my own rules
SecFilter "\/var\/tmp"
SecFilter "command=cd"
SecFilter "\/etc\/passwd"
SecFilter "rootDir"
SecFilterSelective THE_REQUEST "/etc/passwd"
SecFilterSelective THE_REQUEST "/etc/shadow"
SecFilterSelective THE_REQUEST "cd /var/spool "
SecFilterSelective THE_REQUEST "cd /dev/shm "
SecFilterSelective THE_REQUEST "cd /dev "
SecFilterSelective THE_REQUEST "cd shm "
SecFilter "/dev/shm"
SecFilterSelective THE_REQUEST "/usr/bin/id"
SecFilterSelective THE_REQUEST "/bin/kill"
SecFilterSelective THE_REQUEST "/usr/bin/gcc"
SecFilterSelective THE_REQUEST "/usr/bin/cc"
SecFilterSelective THE_REQUEST "/usr/bin/g\+\+"
SecFilterSelective THE_REQUEST "/bin/ping"
SecFilterSelective THE_REQUEST "/bin/mail"
SecFilterSelective THE_REQUEST "/bin/ls"
SecFilterSelective THE_REQUEST "/usr/sbin/httpd"
SecFilter "local_path"
SecFilter "LOCAL_PATH"
SecFilterSelective THE_REQUEST "rootDir"
SecFilter "rootDir"
SecFilterSelective REQUEST_URI "\.php\?act=(chmod&f|cmd|f&f=|ls|img&img=)"
SecFilterSelective ARGS "/shell\.php\&cmd="
SecFilterSelective REQUEST_URI "Hacked.*by.*member.*of.*SCC"
SecFilterSelective THE_REQUEST "/~(root|ftp|bin|nobody|named|guest|logs|sshd)(/\S *)? HTTP/(0\.9|1\.[01])$"
SecFilterSelective REQUEST_URI "/~(root|ftp|bin|nobody|named|guest|logs|sshd)/ "
secFilterSelective THE_REQUEST "cgitelnet"
SecFilter "nstview\.php"
SecFilterSelective THE_REQUEST "chmod\x20"
SecFilterSelective THE_REQUEST "wget\x20"
SecFilterSelective THE_REQUEST "uname\x20-a"

# methods of downloading files to a server
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "\.cgi*" chain
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "Fhome"
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "php?phpinfo"
SecFilterSelective THE_REQUEST "php?phpini"
SecFilterSelective THE_REQUEST "php?mem"
SecFilterSelective THE_REQUEST "php?cpu"
SecFilterSelective THE_REQUEST "php?users"
SecFilterSelective THE_REQUEST "php?tmp"
SecFilterSelective THE_REQUEST "php?delete"
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
SecFilterSelective THE_REQUEST "cmd=cd\x20/var "
secfilterSelective THE_REQUEST "HCL_path=http "
SecFilterSelective THE_REQUEST "clamav-partial "
SecFilterSelective THE_REQUEST "vi\.recover "
SecFilterSelective THE_REQUEST "netenberg "
SecFilterSelective THE_REQUEST "psybnc "
SecFilterSelective THE_REQUEST "fantastico_de_luxe "
SecFilterSelective THE_REQUEST "2Fpublic_html&"
SecFilterSelective THE_REQUEST ".htaccess"
SecFilterSelective THE_REQUEST "c99sh_datapipe.pl"
SecFilterSelective THE_REQUEST "listDBs"
SecFilterSelective THE_REQUEST "%2home%2"
SecFilterSelective THE_REQUEST "%2home%"
SecFilterSelective THE_REQUEST "%home%"
SecFilterSelective THE_REQUEST "%home"
SecFilterSelective THE_REQUEST "home%"
SecFilterSelective THE_REQUEST "%2Fhome%2"
SecFilterSelective THE_REQUEST "%2Fhome%"
SecFilterSelective THE_REQUEST "%Fhome%"
SecFilterSelective THE_REQUEST "%Fhome"
SecFilterSelective THE_REQUEST "Fhome%"
SecFilterSelective THE_REQUEST "2Fpublic_html&"
SecFilterSelective THE_REQUEST "/etc/"
SecFilterSelective THE_REQUEST "cd "

# WEB-PHP phpbb quick-reply.php arbitrary command attempt
SecFilterSelective POST_PAYLOAD "wget "
SecFilterSelective POST_PAYLOAD "lynx "
SecFilterSelective POST_PAYLOAD "Fhome"
SecFilterSelective POST_PAYLOAD "curl "
SecFilterSelective POST_PAYLOAD "ssh "
SecFilterSelective POST_PAYLOAD "echo "
SecFilterSelective POST_PAYLOAD "links -dump "
SecFilterSelective POST_PAYLOAD "links -dump-charset "
SecFilterSelective POST_PAYLOAD "links -dump-width "
SecFilterSelective POST_PAYLOAD "links http:// "
SecFilterSelective POST_PAYLOAD "links ftp:// "
SecFilterSelective POST_PAYLOAD "links -source "
SecFilterSelective POST_PAYLOAD "mkdir "
SecFilterSelective POST_PAYLOAD "cd /tmp "
SecFilterSelective POST_PAYLOAD "cd /var/tmp "
SecFilterSelective POST_PAYLOAD "cmd=cd\x20/var "
SecFilterSelective POST_PAYLOAD "HCL_path=http "
SecFilterSelective POST_PAYLOAD "clamav-partial "
SecFilterSelective POST_PAYLOAD "vi\.recover "
SecFilterSelective POST_PAYLOAD "netenberg "
SecFilterSelective POST_PAYLOAD "psybnc "
SecFilterSelective POST_PAYLOAD "fantastico_de_luxe "
SecFilterSelective POST_PAYLOAD ".htaccess"
SecFilterSelective POST_PAYLOAD "c99sh_datapipe.pl"
SecFilterSelective POST_PAYLOAD "listDBs"
SecFilterSelective POST_PAYLOAD "%2home%2"
SecFilterSelective POST_PAYLOAD "%2home%"
SecFilterSelective POST_PAYLOAD "%home%"
SecFilterSelective POST_PAYLOAD "%home"
SecFilterSelective POST_PAYLOAD "home%"
SecFilterSelective POST_PAYLOAD "%2Fhome%2"
SecFilterSelective POST_PAYLOAD "%2Fhome%"
SecFilterSelective POST_PAYLOAD "%Fhome%"
SecFilterSelective POST_PAYLOAD "%Fhome"
SecFilterSelective POST_PAYLOAD "Fhome%"
SecFilterSelective POST_PAYLOAD "2Fpublic_html&"
SecFilterSelective POST_PAYLOAD "/etc/"
SecFilterSelective POST_PAYLOAD "SHOW DATABASES "
SecFilterSelective THE_REQUEST "/~root"
SecFilterSelective THE_REQUEST "/~ftp"
SecFilterSelective THE_REQUEST "/htgrep" chain
SecFilterSelective THE_REQUEST "/htgrep" log,pass
SecFilterSelective THE_REQUEST "/\.history"
SecFilterSelective THE_REQUEST "/\.bash_history"
SecFilterSelective THE_REQUEST "/~nobody"
SecFilterSelective THE_REQUEST "psybnc"
SecFilterSelective THE_REQUEST "dir=http"
SecFilterSelective THE_REQUEST "\?STRENGUR"
SecFilterSelective THE_REQUEST "/etc/motd"
SecFilterSelective THE_REQUEST "/etc/passwd"
SecFilterSelective THE_REQUEST "conf/httpd\.conf"


</IfModule>








التوقيع
الاستضافة الامثل
استضافة-رسيلرات-VPS دومينات -تطوير
BEST-7OST.COM
ADMIN@BEST-7OST.COM
موضوع مغلق

« الموضوع السابق | الموضوع التالي »



قوانين المشاركة
لا يمكنك إضافة موضوع جديد
لا يمكنك الرد على المواضيع
لا يمكنك إضافة مرفقات
لا يمكنك تعديل مشاركاتك
كود vB متاح
كود [IMG] متاح
كود HTML مغلق
إنتقل إلى


جميع الأوقات بتوقيت مكة المكرمة. الساعة الآن » 07:54 PM.

Powered by vBulletin
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.

صحيفة الويب الإلكترونية RSS Feeds - صحيفة الويب الإلكترونية - الأرشيف - للأعلى


 
 »  خدمات البرمجة   »  رئيسية الدليل
  »  خدمات التصميم   »  الأمن والحماية
  »  الدعاية والتسويق
  »  الدعم والتطوير
  »  الشركات الرسمية
  »  حجز دومينات
  »  خدمات الإستضافة
 
 
  »  مكتبة الإستايلات   »  رئيسية المكتبة
  »  أكواد برمجية   »  أدوات الويب ماسترز
  »  مكتبة الهاكات   »  أدوات المصممين
  »  سكربتات متنوعة
  »  مجلات إلكترونية
  »  بلوكات متنوعة
  »  ثيمات مختلفة
 
 

صحيفة متخصصة في متابعة أخبار وجديد الإنترنت العربي
والحوارات الصحفية ومعلومات تقنية متنوعة .
   
 
 

للتواصل مع فريق عمل الويب العربي
يمكنك ذالك من خلال مركز الدعم والمساندة.
 الدعم الفني |  اعتماد العضويات |  قوانين الإنتساب |  إتفاقية الإستخدام |  أهداف الويب العربي |  دليل الشركات |  مكتبة الويب |  صحيفة الويب العربي |  الرئيسية