Mod Defender is an Apache2 module that aims to block attacks by enforcing a whitelist policy.
It is an almost complete replication of NAXSI, the equivalent module for Nginx.
It uses the same configuration format and is thus fully compatible with NXAPI/NXTOOL.
## Features

- Input
- Output
  - Human readable log: colored output to watch MainRules and BasicRules processing
  - JSON match log: easier to parse and more compact
  - Combined log: the regular and extensive match logs are merged so that the content and the name of the variable in question appear on the same line
## Dependencies

- apache2 dev package, providing the Apache2 headers
- apr package, providing the Apache Portable Runtime library and headers
- gcc & g++ >= 4.9 (for std::regex)
- GNU make
- cmake >= 3.2
## Installation on Debian-based systems

- Install the required packages

  ```shell
  sudo apt-get install apache2-dev make gcc g++ cmake
  ```

- Compile the source

  ```shell
  cmake -H. -Bbuild
  cmake --build build -- -j4
  ```

- Install the module

  ```shell
  sudo cp build/mod_defender.so /usr/lib/apache2/modules/
  ```

- Create its module load file

  ```shell
  cat << EOF | sudo tee /etc/apache2/mods-available/defender.load > /dev/null
  LoadModule defender_module /usr/lib/apache2/modules/mod_defender.so
  <IfModule defender_module>
      Include /etc/defender/core.rules
  </IfModule>
  EOF
  ```

- Add the mod_defender settings in the desired location / directory / proxy blocks

  ```apache
  <VirtualHost *:80>
      ServerName ...
      DocumentRoot ...
      <Location ...>
          <IfModule defender_module>
              # Defender toggle
              Defender On
              # Match log path
              MatchLog ${APACHE_LOG_DIR}/defender_match.log
              # JSON Match log path
              JSONMatchLog ${APACHE_LOG_DIR}/defender_json_match.log
              # Request body limit
              RequestBodyLimit 8388608
              # Learning mode toggle
              LearningMode On
              # Extensive Learning log toggle
              ExtensiveLog Off
              # Libinjection SQL toggle
              LibinjectionSQL Off
              # Libinjection XSS toggle
              LibinjectionXSS Off
              ## Score action
              CheckRule "$SQL >= 8" BLOCK
              CheckRule "$RFI >= 8" BLOCK
              CheckRule "$TRAVERSAL >= 4" BLOCK
              CheckRule "$EVADE >= 4" BLOCK
              CheckRule "$XSS >= 8" BLOCK
              CheckRule "$UPLOAD >= 8" BLOCK
              # Whitelists (BasicRule)
              Include /etc/defender/my_whitelist.rules
          </IfModule>
      </Location>
  </VirtualHost>
  ```

- Create the Mod Defender configuration directory

  ```shell
  sudo mkdir /etc/defender/
  ```

- Populate it with the core rules

  ```shell
  sudo wget -O /etc/defender/core.rules \
      https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules
  ```

- Enable the module

  ```shell
  sudo a2enmod defender
  ```

- Restart Apache2 for the change to take effect

  ```shell
  sudo service apache2 restart
  ```
## Installation on FreeBSD

- Install the required packages

  ```shell
  pkg install apr make gcc cmake
  ```

- Compile the source

  ```shell
  cmake -H. -Bbuild
  cmake --build build -- -j4
  ```

- Install the module

  ```shell
  cp build/mod_defender.so /usr/local/libexec/apache24/
  ```

- Create its module load file

  ```shell
  cat << EOF | tee /usr/local/etc/apache24/modules.d/250_defender.conf > /dev/null
  LoadModule defender_module libexec/apache24/mod_defender.so
  <IfModule defender_module>
      Include etc/defender/core.rules
  </IfModule>
  EOF
  ```

- Add the mod_defender settings in the desired location / directory / proxy blocks

  ```apache
  <VirtualHost *:80>
      ServerName ...
      DocumentRoot ...
      <Location ...>
          <IfModule defender_module>
              # Defender toggle
              Defender On
              # Match log path
              MatchLog /var/log/defender_match.log
              # JSON Match log path
              JSONMatchLog /var/log/defender_json_match.log
              # Request body limit
              RequestBodyLimit 8388608
              # Learning mode toggle
              LearningMode On
              # Extensive Learning log toggle
              ExtensiveLog Off
              # Libinjection SQL toggle
              LibinjectionSQL Off
              # Libinjection XSS toggle
              LibinjectionXSS Off
              ## Score action
              CheckRule "$SQL >= 8" BLOCK
              CheckRule "$RFI >= 8" BLOCK
              CheckRule "$TRAVERSAL >= 4" BLOCK
              CheckRule "$EVADE >= 4" BLOCK
              CheckRule "$XSS >= 8" BLOCK
              CheckRule "$UPLOAD >= 8" BLOCK
              # Whitelists (BasicRule)
              Include etc/defender/my_whitelist.rules
          </IfModule>
      </Location>
  </VirtualHost>
  ```

- Create the Mod Defender configuration directory

  ```shell
  mkdir /usr/local/etc/defender/
  ```

- Populate it with the core rules

  ```shell
  wget -O /usr/local/etc/defender/core.rules \
      https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules
  ```

- Restart Apache2 for the change to take effect

  ```shell
  service apache24 restart
  ```
## Rule types

The three kinds of rule directives, in the order they appear in the configuration above:

```apache
# Score rules
Include /etc/defender/core.rules
MainRule "..."
# Action rules
CheckRule "..."
# Whitelist rules
BasicRule "..."
```
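The CheckRule directives above turn the per-tag scores that MainRules accumulate into an action, and with `LearningMode On` matches are only logged. The following Python script is an added example, not code from the mod_defender project: it replays match-log lines against the CheckRule thresholds from the configuration above and reports, per URI, how many of the logged requests would be blocked once learning mode is turned off, so false positives can be whitelisted first. It assumes the NAXSI_FMT key=value match-log layout (`ip=`, `uri=`, `learning=`, `cscoreN=$TAG`, `scoreN=`, `zoneN=`, `idN=`, `var_nameN=`) that NXTOOL consumes and that the README states mod_defender is compatible with; the log lines, hosts, URIs and rule ids in it are constructed samples.

```python
"""Replay mod_defender match-log lines against CheckRule thresholds.

Added example, not part of mod_defender. Assumes the NAXSI_FMT key=value
match-log layout; every log line below is constructed, not real traffic.
"""
import re
from collections import Counter
from urllib.parse import unquote

# CheckRule directives as written in the httpd configuration
SAMPLE_CONFIG = """
CheckRule "$SQL >= 8" BLOCK
CheckRule "$RFI >= 8" BLOCK
CheckRule "$TRAVERSAL >= 4" BLOCK
CheckRule "$EVADE >= 4" BLOCK
CheckRule "$XSS >= 8" BLOCK
CheckRule "$UPLOAD >= 8" BLOCK
"""

# Constructed match-log lines in the assumed NAXSI_FMT layout (rule ids are arbitrary)
SAMPLE_LOG = [
    "[Mon Jan 01 12:00:00 2018] [error] NAXSI_FMT: ip=10.0.0.5&server=example.test"
    "&uri=/search&learning=1&vers=0.1&total_processed=4&total_blocked=0&block=1"
    "&cscore0=$SQL&score0=8&cscore1=$XSS&score1=4&zone0=ARGS&id0=1001&var_name0=q",
    "[Mon Jan 01 12:00:01 2018] [error] NAXSI_FMT: ip=10.0.0.6&server=example.test"
    "&uri=/login&learning=1&vers=0.1&total_processed=4&total_blocked=0&block=0"
    "&cscore0=$SQL&score0=4&zone0=BODY&id0=1010&var_name0=user",
    "[Mon Jan 01 12:00:02 2018] [error] NAXSI_FMT: ip=10.0.0.7&server=example.test"
    "&uri=/files&learning=1&vers=0.1&total_processed=4&total_blocked=0&block=1"
    "&cscore0=$TRAVERSAL&score0=4&zone0=URL&id0=1200",
    "[Mon Jan 01 12:00:03 2018] [error] NAXSI_FMT: ip=10.0.0.5&server=example.test"
    "&uri=/search&learning=1&vers=0.1&total_processed=4&total_blocked=0&block=0"
    "&cscore0=$XSS&score0=4&zone0=ARGS&id0=1302&var_name0=q",
]

CHECKRULE_RE = re.compile(
    r'^\s*CheckRule\s+"\$(?P<tag>\w+)\s*(?P<op>>=|<=|==|!=|>|<)\s*(?P<thr>\d+)"\s+(?P<action>\w+)',
    re.MULTILINE,
)
OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b, "==": lambda a, b: a == b,
       "!=": lambda a, b: a != b, ">": lambda a, b: a > b, "<": lambda a, b: a < b}


def parse_checkrules(config_text):
    """Return [(tag, op, threshold, action)] for every CheckRule directive."""
    return [(m["tag"], m["op"], int(m["thr"]), m["action"])
            for m in CHECKRULE_RE.finditer(config_text)]


def parse_match_line(line):
    """Split the key=value payload of one match line into scores and matched rules."""
    start = line.find("ip=")
    if start < 0:
        raise ValueError("line carries no NAXSI_FMT payload")
    fields = {}
    for pair in line[start:].split("&"):
        key, _, value = pair.partition("=")
        fields[key] = unquote(value)
    scores, i = {}, 0
    while f"cscore{i}" in fields:      # cscoreN=$TAG pairs with scoreN=<int>
        scores[fields[f"cscore{i}"].lstrip("$")] = int(fields[f"score{i}"])
        i += 1
    matches, i = [], 0
    while f"id{i}" in fields:          # zoneN / idN / var_nameN describe each rule hit
        matches.append((fields.get(f"zone{i}"), int(fields[f"id{i}"]), fields.get(f"var_name{i}")))
        i += 1
    return {"ip": fields.get("ip"), "uri": fields.get("uri"),
            "learning": fields.get("learning") == "1", "scores": scores, "matches": matches}


def triggered_actions(scores, rules):
    """Return the (tag, action) pairs whose CheckRule threshold the scores satisfy."""
    return [(tag, action) for tag, op, thr, action in rules if OPS[op](scores.get(tag, 0), thr)]


def would_block(scores, rules):
    """True if any satisfied CheckRule carries a blocking action."""
    return any(action in ("BLOCK", "DROP") for _, action in triggered_actions(scores, rules))


def replay(lines, rules):
    """Per URI: (requests that would be blocked with LearningMode Off, requests logged)."""
    blocked, total = Counter(), Counter()
    for line in lines:
        if "ip=" not in line:
            continue                   # not a match line
        event = parse_match_line(line)
        total[event["uri"]] += 1
        if would_block(event["scores"], rules):
            blocked[event["uri"]] += 1
    return {uri: (blocked[uri], total[uri]) for uri in total}


if __name__ == "__main__":
    rules = parse_checkrules(SAMPLE_CONFIG)
    for uri, (hits, seen) in sorted(replay(SAMPLE_LOG, rules).items()):
        print(f"{uri}: {hits}/{seen} logged requests would be blocked")
```

The `matches` list returned by `parse_match_line` gives the zone, rule id and variable name of each hit, which is exactly what a BasicRule whitelist entry needs to name when a blocked request turns out to be legitimate; a URI that shows a high blocked count on known-good traffic is the place to start.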
## Credits

NAXSI's team at nbs-system