Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 3. Configuring ModSecurity on Windows Server
When you install Red Hat JBoss Core Services on Windows Server, you can configure the ModSecurity module to function as a web application firewall (WAF) for the Apache HTTP Server.
3.1. ModSecurity dependencies on Windows Server
ModSecurity has several dependencies to function successfully. Some of these dependencies are already included as a part of Red Hat JBoss Core Services.
The following table provides a list of ModSecurity dependencies:
Dependency | Part of JBCS on Windows Server? |
---|---|
Apache Portable Runtimes | Yes |
| Yes |
| Yes |
| Yes |
Perl-Compatible Regular Expressions (PCRE) | Yes |
| Yes |
On Windows Server, Red Hat JBoss Core Services includes all of these dependencies.
3.2. Installing ModSecurity on Windows Server
The ModSecurity module is included as part of a Red Hat JBoss Core Services installation. Apache HTTP Server provides many of the items that are required to run ModSecurity on Windows Server. However, you must ensure that your system complies with certain criteria to allow ModSecurity to function correctly.
Prerequisites
The folder where you build software from source contains both the Apache source, which you use to build the Apache HTTP Server, and the ModSecurity source.
For example:
-
Apache source is in
C:\ sourceFolder\httpd-2.4.57
-
Apache has been installed to
C:\Apache2457
ModSecurity source is in
C:\ sourceFolder\mod_security
NoteIn this case,
sourceFolder
is a generic folder that you use in conjunction with the project.
-
Apache source is in
Your build environment is set up correctly.
For example:
-
Ensure that the
PATH
environment variable includes the Visual Studio variables set byvsvars32.bat
. -
Ensure that the
PATH
environment variable includes thebin\
folder forCMAKE
. -
Set an environment variable for the Apache source code directory, which is located at
C:\ sourceDirectory\httpd-2.4.57
.
-
Ensure that the
Procedure
-
Follow the procedures in the Red Hat JBoss Core Services Apache HTTP Server Installation Guide to download and install the Apache HTTP Server to the appropriate location on your
C:
drive.
Additional resources
3.3. Configuring the rules folder on Windows Server
ModSecurity functionality requires that you create rules that the system uses. Apache HTTP Server provides a preconfigured mod_security.conf.sample
file in the HTTPD_HOME\modsecurity.d
folder. To use ModSecurity rules, you must modify the mod_security.conf.sample
file with settings that are appropriate for your environment. You can store the ModSecurity rules in the modsecurity.d
folder or the modsecurity.d\activated_rules
subfolder.
Procedure
-
Go to the
HTTPD_HOME\modsecurity.d
folder. -
Rename the
mod_security.conf.sample
file tomod_security.conf
. -
Open the
mod_security.conf
file and specify parameters for all the configuration directives that you want to use with the ModSecurity rules.
3.4. Key ModSecurity configuration options
You can use key ModSecurity configuration options to improve the performance of regular expressions, investigate ModSecurity 2.6 phase one moving to phase two hook, and allow use of certain directives in .htaccess
files.
- enable-pcre-jit
- Enables Just-In-Time (JIT) compiler support in the Perl-Compatible Regular Expressions (PCRE) library 8.20 or later to improve the performance of regular expressions.
- enable-request-early
- Enables testing of the ModSecurity 2.6 move from phase one to phase two hook
- enable-htaccess-config
-
Enables use of directives in
.htaccess
files whenAllowOverride Options
is set