feat(samples/httpasteit): add security to httpd

- configure mod_security - configure mode_evasive
2022-04-15 04:50:10 +02:00 · 2022-04-15 04:50:10 +02:00 · e79714e1f6
commit e79714e1f6
parent b081f4a5b6
2 changed files with 30 additions and 1 deletions
--- a/samples/httpaste.it/httpd/usr/local/apache2/conf/httpd.conf
+++ b/samples/httpaste.it/httpd/usr/local/apache2/conf/httpd.conf
@ -16,6 +16,9 @@ LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
 LoadModule unixd_module modules/mod_unixd.so
 LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so
+LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so
+

 <IfModule unixd_module>
    User www-data
@ -24,6 +27,20 @@ LoadModule access_compat_module modules/mod_access_compat.so

 ServerAdmin you@example.com

+<IfModule security2_module>
+        Include crs/owasp-modsecurity-crs-3.2.0/crs-setup.conf
+        Include crs/owasp-modsecurity-crs-3.2.0/rules/*.conf
+</IfModule>
+
+<IfModule mod_evasive24.c>
+    DOSHashTableSize    3097
+    DOSPageCount        3
+    DOSSiteCount        10
+    DOSPageInterval     1
+    DOSSiteInterval     1
+    DOSBlockingPeriod   10
+    DOSCloseSocket      On
+</IfModule>

 ErrorLog /proc/self/fd/2

@ -58,6 +75,7 @@ ServerName 127.0.0.1
 <VirtualHost 0.0.0.0:80>
    #ProxyPreserveHost On
    ServerName httpaste.it
+    ServerAlias localhost
    SetEnv proxy-sendchunks
    ProxyPass  "/" "unix:/shared/uwsgi.sock|uwsgi://localhost/"
 </VirtualHost>