今回は「apacheのWAFの設定」です。
使うのはModSecurityです。
ModSecurityはオープンソースなので無料です。
インストール
dnf install mod_security mod_security_crs
systemctl restart httpd
で完了です。
WAFなので誤動作する場合があるので
/etc/httpd/conf.d/mod_security.conf
SecRuleEngine DetectionOnly
systemctl restart httpd
でwafのログを確認して
/etc/httpd/conf/httpd.conf
SecRuleRemoveById ID
systemctl restart httpd
で完了です。IDの部分はログに流れる数字の部分です。(忘れたww)
WordPressの誤検知を減らす設定(phpmyadminも入れときます)
/etc/httpd/conf/httpd.conf
<LocationMatch "(/wp-login.php)">
SecRuleRemoveById 960024
SecRuleRemoveById 980130
SecRuleRemoveById 949110
SecRuleRemoveById 941310
</LocationMatch>
SecRuleRemoveById 960015
SecRuleRemoveById 981172
<LocationMatch "(/phpmyadmin)">
SecRuleRemoveById 200003
SecRuleRemoveById 941120
SecRuleRemoveById 949110
SecRuleRemoveById 980130
</LocationMatch>
<LocationMatch "(/wp-admin/|/xmlrpc.php|/wp-comments-post.php)">
SecRuleRemoveById 920350
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950007
SecRuleRemoveById 950901
SecRuleRemoveById 958011
SecRuleRemoveById 958030
SecRuleRemoveById 958976
SecRuleRemoveById 959073
SecRuleRemoveById 959070
SecRuleRemoveById 959071
SecRuleRemoveById 959072
SecRuleRemoveById 959151
SecRuleRemoveById 960015
SecRuleRemoveById 960024
SecRuleRemoveById 973300
SecRuleRemoveById 973302
SecRuleRemoveById 973304
SecRuleRemoveById 973305
SecRuleRemoveById 973306
SecRuleRemoveById 973308
SecRuleRemoveById 973316
SecRuleRemoveById 973332
SecRuleRemoveById 973333
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 981172
SecRuleRemoveById 981173
SecRuleRemoveById 981231
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981242
SecRuleRemoveById 981243
SecRuleRemoveById 981244
SecRuleRemoveById 981245
SecRuleRemoveById 981246
SecRuleRemoveById 981247
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981251
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981257
SecRuleRemoveById 981260
SecRuleRemoveById 981276
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById 981320
#wp-admin↓
SecRuleRemoveById 932100
SecRuleRemoveById 932105
SecRuleRemoveById 941140
SecRuleRemoveById 941160
SecRuleRemoveById 941200
SecRuleRemoveById 941350
SecRuleRemoveById 949110
</LocationMatch>
systemctl restart httpd
で多分Wordpressの誤検知は減ると思います。
phpmyadminも入れていますが、無効化したいなら
#<LocationMatch "(/phpmyadmin)">
# SecRuleRemoveById 200003
# SecRuleRemoveById 941120
# SecRuleRemoveById 949110
# SecRuleRemoveById 980130
#</LocationMatch>
でapacheのリロードしたら完了です。
最後まで読んでくれてありがとうございました。
コメントを残す