Apache Web Server Security Configuration - 1
Source: http://blog.pages.kr/44
A. Accounts for the web server process
Two kinds of user account are involved with Apache:
■ The account that installs and operates the Apache server: the account that logs in to the operating system, installs Apache and starts/stops the web server.
※ To bind the web service to a port below 1024 (which includes port 80), this account must be root.
■ The account for the web server processes: the account used by the child processes that are spawned after the web server daemon starts in order to handle web requests from ordinary users.
The "web server process account" must be one that cannot log in, that is, an account without a shell. Conventionally the shell-less "nobody" account is used as both the user ID and the group. In the /etc/passwd and /etc/shadow entries for nobody shown below, the last field of the passwd line, which would name a shell such as /bin/sh or /bin/csh, is absent, and the shadow line holds "*" instead of a password hash, so no password can log this account in.
    /etc/passwd:  nobody:x:99:99:Nobody:/:
    /etc/shadow:  nobody:*:11900:0:99999:7:::
Note that an empty shell field is not a lock by itself: login(1) and su(1) fall back to /bin/sh when the field is empty, so set the shell explicitly to /sbin/nologin or /bin/false rather than relying on the blank, and keep the "*" in the shadow entry.
For such an account (a shell-less account, "nobody" in this example) to actually be used for the web service, the "User" and "Group" directives in the Apache configuration file (httpd.conf) must be set as follows:
    User nobody
    Group nobody
B. Configuring the web server DocumentRoot
The DocumentRoot is the directory tree in which all web content is stored; everything located under this directory is published through the web. Where possible it should therefore live on a filesystem separate from the system's root filesystem.
A default Apache installation uses the htdocs directory as DocumentRoot; change this. The default htdocs directory may contain files that need not be published, or that carry system-related information an attacker could exploit.
To make "/usr/local/www" the DocumentRoot, edit httpd.conf as follows:
    #DocumentRoot "/usr/local/apache/htdocs"
    DocumentRoot "/usr/local/www"
It is recommended to run the web server daemon inside a chroot. Even if the daemon is compromised, the attacker cannot reach any directory outside the one designated as the chroot directory, which limits the damage.
C. Removing unnecessary CGI scripts
The Apache distribution ships with CGI scripts that are not needed and can be used in attacks. It is safest to remove every CGI script that a default installation places in the cgi-bin directory.
D. Settings in the Apache configuration file (httpd.conf)
■ Preventing directory listing
- When a user enters a URL in the browser and there is no web content at that location, the server by default returns a listing of the directory; this must be prevented.
- To stop every file in the DocumentRoot directory from being listed, remove the "Indexes" option from the "Options" directive in the configuration file (httpd.conf).
■ Preventing the use of symbolic links
- Through symbolic links a web server can reach parts of the filesystem outside the existing web documents, which can cause serious security problems. If, for example, a link to the system's root directory (/) is created, every file on the filesystem becomes reachable with the privileges of the web server's run-as user (nobody), and /etc/passwd may end up being published.
- To prevent this, remove "FollowSymLinks", the option that enables symbolic links, from the "Options" directive.
■ Restricting SSI (Server Side Includes)
- SSI directives sit inside HTML pages and make it possible to serve dynamic pages. However, a file containing SSI can use "exec cmd" to run any CGI script or program with the user and group privileges under which Apache runs.
- To stop SSI pages from executing scripts or programs, add the "IncludesNoExec" option to the "Options" directive.
■ Restricting the CGI execution directory
- If users may run CGI scripts from any directory, a malicious user can upload a CGI program and run it to execute arbitrary commands.
- CGI execution must therefore be limited to specific directories designated by the administrator. The "ScriptAlias" directive restricts the directories from which CGI may run. Its syntax is:
    Syntax: ScriptAlias URL-path file-path|directory-path
For example, to allow CGI programs to run only from the cgi-bin directory:
    ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
Directory listing, symbolic links, SSI and the other behaviours mentioned above are all controlled through the "Options" directive.
    Syntax: Options [+|-]option [[+|-]option] ...
The option values accepted by the "Options" directive are listed in the following table.
Option               | Description
All                  | Every option except MultiViews (this is the default)
None                 | No options
ExecCGI              | Permit execution of CGI programs
FollowSymLinks       | Permit following symbolic links
Includes             | Permit Server Side Includes
IncludesNOEXEC       | Permit server-side includes, but not the execution of CGI scripts or programs (#exec cmd and #include of CGI)
Indexes              | When the directory contains none of the files named by DirectoryIndex (index.html etc.), return a listing of the directory's files and subdirectories
MultiViews           | Match similar file names (for example, a request for "index" alone is served from a matching index.*)
SymLinksIfOwnerMatch | The server follows symbolic links only when the target file or directory is owned by the same user id as the link
Where a symbolic link is genuinely needed, SymLinksIfOwnerMatch is the safer replacement for FollowSymLinks, because a link planted by another user pointing at /etc/passwd or / will not be followed.
■ httpd.conf configuration example
- Suppose the DocumentRoot directory is configured as follows:
    Options Indexes FollowSymLinks
- In this case, when the index file defined by DirectoryIndex (index.html) does not exist, the server lists the files in the directory, as in the figure (not reproduced here).
Furthermore, because of FollowSymLinks, opening a system.html file that is a symbolic link to the root directory (created with ln -s / system.html) lets a visitor browse all the way to the passwd file far above the DocumentRoot.
    Options IncludesNoExec
In this case, when the index file (index.html) does not exist, the server returns an error page (403 Forbidden) instead of a directory listing. An Options line whose entries carry no + or - prefix replaces the whole option list rather than merging with it, so this single line also switches off Indexes and FollowSymLinks; to adjust individual options relative to the inherited set, use the +option/-option form.
■ Hiding the web server's response header information
- "Web server header information" refers to the headers of the response message the Apache web server returns when a client connects, as shown below.
    [root@hcjung conf]# telnet xxx.xxx.xxx.xxx 80
    Trying xxx.xxx.xxx.xxx...
    Connected to xxx.xxx.xxx.xxx.
    Escape character is '^]'.
    GET / HTTP/1.1

    HTTP/1.1 400 Bad Request
    Date: Tue, 15 Oct 2002 11:25:10 GMT
    Server: Apache/1.3.19 (Unix) PHP/4.0.4pl1
(The 400 is returned because the HTTP/1.1 request was sent without a Host header; the point is that the Server banner is disclosed even on an error response.)
- Attackers can use this information to target well-known vulnerabilities in a specific Apache version or in the applications it runs, and automated attacks such as Internet worms also make use of such banner information. It is therefore safer to hide banner information such as the web server version from attackers.
- In Apache, the information sent in this header is controlled with the "ServerTokens" directive.
    Syntax: ServerTokens Minimal|ProductOnly|OS|Full
- The keywords accepted by the ServerTokens directive and the header each one produces are as follows.
Keyword       | Information provided                                   | Example
Prod[uctOnly] | Web server product only                                | Server: Apache
Min[imal]     | Prod plus the web server version                       | Server: Apache/1.3.0
OS            | Min plus the operating system                          | Server: Apache/1.3.0 (Unix)
Full          | OS plus information on installed modules (applications) | Server: Apache/1.3.0 (Unix) PHP/3.0 MyMod/1.2
- To deceive attackers, the server header can also be replaced with something entirely different from the values above, but that requires modifying the Apache source code and recompiling. (The ModSecurity SecServerSignature directive shown later on this page achieves the same without recompiling.)
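The following Python script is an added worked example, not part of the original guide: it audits an httpd.conf fragment for the points raised in sections A and D (a run-as account with a real or empty login shell, Indexes, FollowSymLinks, SSI without IncludesNoExec, ExecCGI outside the ScriptAlias directory, AllowOverride All, and a chatty ServerTokens). The configuration fragment and the three /etc/passwd lines are constructed for the example; the parser handles only flat <Directory> containers, which is all the audit needs, and the Options merge logic follows Apache's documented replace-versus-merge rule.

```python
import re

# "Options All" means every option except MultiViews (see the Options table above).
OPTIONS_ALL = {"ExecCGI", "FollowSymLinks", "Includes", "Indexes"}
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample inputs for this example: an httpd.conf fragment with default-style
# settings beside two tightened sub-directories, and three passwd lines.
SAMPLE_CONF = """\
ServerTokens Full
User nobody
Group nobody
DocumentRoot "/usr/local/www"
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
<Directory "/usr/local/www">
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
</Directory>
<Directory "/usr/local/www/members">
    Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
    AllowOverride AuthConfig
</Directory>
<Directory "/usr/local/www/static">
    Options IncludesNoExec
</Directory>
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
"""


def parse_conf(text):
    """Split an httpd.conf fragment into global directives plus flat <Directory> blocks;
    each scope maps a lower-cased directive name to its argument list."""
    global_scope, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if opened:
            current = (opened.group(1).rstrip("/"), {})
            blocks.append(current)
            continue
        if line.lower() == "</directory>":
            current = None
            continue
        name, *args = line.split()
        (global_scope if current is None else current[1])[name.lower()] = [a.strip('"') for a in args]
    return global_scope, blocks


def merge_options(inherited, tokens):
    """Apache's rule: if every token carries + or - the list merges into the inherited set,
    otherwise it replaces it outright (so a bare 'Options IncludesNoExec' also drops Indexes)."""
    if tokens and all(t[0] in "+-" for t in tokens):
        opts = set(inherited)
        for t in tokens:
            (opts.add if t[0] == "+" else opts.discard)(t[1:])
        return opts
    opts = set()
    for t in tokens:
        if t == "All":
            opts |= OPTIONS_ALL
        elif t != "None":
            opts.add(t)
    return opts


def effective_options(blocks):
    """Effective Options per directory: the server default is All, and each block merges
    onto its nearest ancestor block (longest matching path prefix), as Apache does."""
    result = {}
    for path, directives in sorted(blocks, key=lambda b: len(b[0])):
        parents = [p for p in result if path == p or path.startswith(p + "/")]
        inherited = result[max(parents, key=len)] if parents else OPTIONS_ALL
        result[path] = merge_options(inherited, directives.get("options", []))
    return result


def audit(conf_text, passwd_text):
    """Return (scope, finding) pairs for the hardening points in sections A and D."""
    global_scope, blocks = parse_conf(conf_text)
    findings = []
    tokens = global_scope.get("servertokens", ["Full"])[0]
    if not tokens.lower().startswith("prod"):
        findings.append(("global", "ServerTokens %s leaks version details; use Prod" % tokens))
    user = global_scope.get("user", [None])[0]
    shells = {f[0]: f[6] for f in (l.split(":") for l in passwd_text.splitlines()) if len(f) == 7}
    if user in shells and shells[user] not in NOLOGIN_SHELLS:
        findings.append(("global", "User %s has login shell %r (an empty field means /bin/sh); "
                         "set /sbin/nologin" % (user, shells[user])))
    cgi_dirs = {global_scope["scriptalias"][1].rstrip("/")} if "scriptalias" in global_scope else set()
    for path, opts in effective_options(blocks).items():
        if "Indexes" in opts:
            findings.append((path, "Indexes enabled: directory listing"))
        if "FollowSymLinks" in opts:
            findings.append((path, "FollowSymLinks enabled: prefer SymLinksIfOwnerMatch"))
        if "Includes" in opts and "IncludesNoExec" not in opts:
            findings.append((path, "Includes without IncludesNoExec: SSI exec cmd allowed"))
        if "ExecCGI" in opts and path not in cgi_dirs:
            findings.append((path, "ExecCGI outside the ScriptAlias directory"))
    for path, directives in blocks:
        if directives.get("allowoverride", ["None"])[0].lower() == "all":
            findings.append((path, "AllowOverride All: restrict to AuthConfig"))
    return findings
```

Running audit(SAMPLE_CONF, SAMPLE_PASSWD) reports the empty shell on nobody and ServerTokens Full globally, all four risky options plus AllowOverride All on /usr/local/www, and, for the members directory, only the Includes and ExecCGI it still inherits from its parent: the -Indexes/-FollowSymLinks line removed those two but merged everything else in. The static directory, whose bare Options line replaced the inherited set, comes out clean.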
E. User authentication
(1) Types of user authentication
① Basic Authentication
■ Basic authentication creates user accounts with the htpasswd utility supplied with Apache and authenticates against them.
■ The passwords are stored hashed, but they are not encrypted while travelling from the client to the server (the credentials are merely Base64-encoded), so they can be exposed in transit.
② Digest Authentication
■ Like basic authentication, it authenticates against a user file created with a utility shipped with Apache; for Digest that utility is htdigest rather than htpasswd, because each entry is bound to a realm.
■ The difference from basic authentication is that the password is sent as an MD5 hash, which is relatively safe in transit. Note, however, that only the password used for authentication is protected; the data itself is still transmitted in plaintext.
③ Authentication in the application (login information held in a database, etc.)
■ Instead of the htpasswd command shipped with Apache, the application stores user names and passwords in a database and authenticates against it.
■ How the account information in the database is protected depends on the organisation's security policy, but in general it is safer to store it encrypted or passed through a one-way function (hash). (This limits disclosure by insiders.)
F. Basic user authentication
■ Basic authentication is configured in two broad steps.
(1) Creating the password file
- Create the password file with the htpasswd command supplied with the Apache installation. Its usage is:
    Usage: htpasswd [-cmdps] passwordfile username
- When creating the password file for the first time, use the -c option to create a new file.
    [root@hcjung bin]# ./htpasswd -c /usr/local/apache/passwords hcjung
    New password:
    Re-type new password:
    Adding password for user hcjung
- To add further users afterwards, run the command without -c. Be careful: passing -c by mistake recreates the file and deletes every user already registered.
    [root@hcjung bin]# ./htpasswd /usr/local/apache/passwords webmaster
- Keep the password file in as safe a location as possible (never under the DocumentRoot) and grant only the minimum permission the web server itself needs to read it. If the web server runs as user nobody and group nobody, ownership and permissions can be set as follows:
    [root@hcjung bin]# chown root.nobody /usr/local/apache/passwords
    [root@hcjung bin]# chmod 640 /usr/local/apache/passwords
(2) Configuring Apache to use the password file
- Once the password file exists, Apache must be told to use it.
- First, to enable per-directory authentication, change the AllowOverride directive in httpd.conf from None to AuthConfig or All (AuthConfig is recommended when only authentication is needed).
    AllowOverride AuthConfig
Then create a .htaccess file containing the following directives in the directory that requires authentication.
Directive     | Description
AuthType      | Authentication type (Basic or Digest)
AuthName      | Authentication realm (shown in the browser's login dialog)
AuthUserFile  | Location of the user password file
AuthGroupFile | Location of the group file (optional)
Require       | Defines the users or groups allowed access, e.g. Require user userid [userid] ... / Require group group-name [group-name] ... / Require valid-user
To allow only hcjung and webmaster, the users registered in the password file above, to access the web server:
    [root@hcjung /root]# cd /usr/local/www
    [root@hcjung www]# vi .htaccess
    AuthType Basic
    AuthName "Welcome HyunCheol's Home"
    AuthUserFile /usr/local/apache/passwords
    Require user hcjung webmaster
- Access above is limited to hcjung and webmaster; to admit every user registered in the password file, write "Require valid-user" instead of naming users.
- When authentication is configured correctly, connecting with a web browser brings up a dialog asking for a user name and password (screenshot not reproduced here).
- If the user name and password are entered correctly the page is served; otherwise a warning is shown and access is refused.
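An added example, not part of the original guide, that makes the difference between the two schemes in section E concrete from the attacker's side of the wire: it decodes a captured Basic header straight back to the password, shows that a Digest header yields only a hash, verifies a password against the {SHA} entries that htpasswd -s writes, and computes the RFC 2617 Digest response (the RFC's own Mufasa/Circle Of Life example is used as the check value). The htpasswd file and the two captured headers are constructed for the example; only the {SHA} hash type is implemented, and the digest_response function covers the qop=auth form.

```python
import base64
import hashlib
import re


def inspect_authorization(header_value):
    """Classify an Authorization header as a sniffer would: Basic yields the password
    outright (it is only Base64), Digest yields the user name and a hash."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() == "basic":
        user, _, password = base64.b64decode(rest).decode("utf-8").partition(":")
        return {"scheme": "basic", "user": user, "password": password}
    if scheme.lower() == "digest":
        fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', rest)}
        return {"scheme": "digest", "user": fields.get("username"), "password": None,
                "response": fields.get("response")}
    raise ValueError("unsupported scheme: %s" % scheme)


def sha_entry(user, password):
    """The line 'htpasswd -s' writes: user:{SHA}base64(SHA-1(password))."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "%s:{SHA}%s" % (user, base64.b64encode(digest).decode("ascii"))


def verify_basic(htpasswd_text, user, password):
    """Check credentials against the {SHA} entries of an htpasswd file; other hash types
    (crypt, apr1-MD5, bcrypt) are not implemented here and therefore never verify."""
    for line in htpasswd_text.splitlines():
        name, _, stored = line.partition(":")
        if name == user:
            return stored.startswith("{SHA}") and line == sha_entry(user, password)
    return False


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 Digest response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2) with
    HA1 = MD5(user:realm:password) and HA2 = MD5(method:uri). The server keeps HA1 (that
    is what htdigest stores); the cleartext password never crosses the wire."""
    md5 = lambda s: hashlib.md5(s.encode("utf-8")).hexdigest()
    ha1 = md5("%s:%s:%s" % (user, realm, password))
    ha2 = md5("%s:%s" % (method, uri))
    return md5(":".join((ha1, nonce, nc, cnonce, qop, ha2)))


# Constructed sample data: an htpasswd file for the two users above and the same user
# authenticating once with Basic and once with Digest.
HTPASSWD_FILE = "\n".join([sha_entry("hcjung", "S3cret!pw"), sha_entry("webmaster", "w3b-Pa55")])
CAPTURED_BASIC = "Basic " + base64.b64encode(b"hcjung:S3cret!pw").decode("ascii")
CAPTURED_DIGEST = (
    'Digest username="hcjung", realm="Welcome HyunCheol\'s Home", nonce="1c4e9b0f", '
    'uri="/members/", qop=auth, nc=00000001, cnonce="7f3a", response="%s"'
    % digest_response("hcjung", "Welcome HyunCheol's Home", "S3cret!pw",
                      "GET", "/members/", "1c4e9b0f", "00000001", "7f3a"))
```

inspect_authorization(CAPTURED_BASIC) returns the password S3cret!pw in the clear, which is exactly why Basic authentication belongs behind SSL (section G); the Digest header gives an eavesdropper a 32-character response hash bound to that nonce and URI. Note that the Digest server must store HA1, an unsalted MD5 of user:realm:password, so the htdigest file deserves the same 640 root:nobody treatment as the htpasswd file.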
G. Applying an SSL certificate or a web encryption solution
■ If data that requires confidentiality, such as personal details, financial transactions or card numbers, is transmitted over the web, apply SSL or consider another web encryption product.
■ In Apache, SSL encryption is applied with mod_ssl.
■ SSL can be deployed either with a self-signed certificate generated with the OpenSSL-based SSL module for Apache (apache/mod_ssl), or with a commercially issued SSL certificate.
■ The difference between a self-signed certificate and a commercial one is whether a third party (a certification authority) vouches, from the connecting user's point of view, that the site really is the one the user believes it to be. The strength of the encryption applied to the data depends on the algorithm and key length and is a separate matter.
H. Security patches
■ Vulnerabilities discovered in each Apache version can be checked at ApacheWeek (http://www.apacheweek.com/security/).
■ Check security patch information periodically and act on it. Patches for Apache web server vulnerabilities can be downloaded from http://www.apache.org/dist/httpd/patches/.
I. Backing up configuration files and data
■ The initial server configuration files and the baseline configurations that follow should be backed up before the server is exposed to the public or before any other change occurs. Every change to the system configuration should be tracked, and a backup must be taken whenever a larger set of changes is made.
■ The main data to back up:
- The various Apache configuration files
- The install files used during the Apache installation (these can greatly shorten a rebuild)
- Application source code (PHP, JSP, CGI, etc.)
- Databases and other data associated with the web service
J. Log configuration and analysis
■ Apache uses two log files, the error log and the access log. The error log records the Apache server's error information; the access log records information about every request the server handles.
■ The log file locations are specified in httpd.conf:
    #
    # ErrorLog: The location of the error log file.
    # If you do not specify an ErrorLog directive within a <VirtualHost>
    # container, error messages relating to that virtual host will be
    # logged here.  If you *do* define an error logfile for a <VirtualHost>
    # container, that host's errors will be logged there and not here.
    #
    ErrorLog /var/log/httpd/error_log
    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog /var/log/httpd/access_log common
(1) Error log
■ The error log format is relatively free-form, but in most cases an entry carries the following information:
    [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test
① Date and time of the message
② Severity level of the error
③ IP address of the client that caused the error
④ The error message itself (here the document the client requested, expressed as a filesystem path)
■ The severity level of the errors written to the error log is set with the LogLevel directive in httpd.conf:
    #
    # LogLevel: Control the number of messages logged to the error_log.
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    #
    LogLevel error
(2) Access log
■ The access log records information on every request the server handles. Its location and format are set with the CustomLog directive. Several log formats can be defined in advance with the LogFormat directive and then selected by name.
■ The common access-log formats are the Common Log Format (CLF) and the Combined Log Format.
a) Common Log Format (CLF): produced identically by many other web servers and readable by many log analysis programs. It is configured in httpd.conf as follows:
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    CustomLog logs/access_log common
■ The LogFormat directive defines one format string and gives it the nickname common. The CustomLog directive defines the location and name of the file the log is written to, and the format in which it is written.
■ A log line produced by this format:
    172.16.5.100 - jun [08/Apr/2003:16:03:43 +0900] "GET /php HTTP/1.1" 301 313
① Client IP address (%h). If HostnameLookups is On, the host name is looked up and recorded instead of the IP address (this can slow the server considerably, so avoid it where possible).
② Client identity (%l), as reported by identd on the client machine. It is not looked up unless IdentityCheck is On (this slows the server and the information cannot be trusted anyway, so avoid it where possible).
③ ID of the HTTP-authenticated user (%u). When authentication failed (status code 401) this value is unreliable, since it is whatever name the client claimed; when the requested document requires no authentication it is recorded as "-".
④ Time the server received the request (%t), as [day/month/year:hour:minute:second zone].
⑤ The client's request line (\"%r\"): the method used, the resource requested and the protocol used.
⑥ Status code (%>s) sent to the client: 2XX (success), 3XX (redirection), 4XX (client error), 5XX (server error). See the appendix for the individual codes.
⑦ Size of the content sent to the client (%b), excluding the response headers; "-" when no content was sent.
b) Combined Log Format:
■ Configured in httpd.conf as follows:
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    CustomLog logs/access_log combined
■ Apart from two extra fields, this format is identical to the Common Log Format. The added fields use the percent directive %{header}i, where header may be any header of the HTTP request. A log line produced by this format:
    172.16.5.100 - jun [08/Apr/2003:16:03:43 +0900] "GET /php HTTP/1.1" 301 313 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
① The page from which the requested resource was included or linked (\"%{Referer}i\"); in this example there is none.
② Information about the client browser (\"%{User-Agent}i\").
c) Precautions when configuring logs
■ Apache normally opens its log files with root privileges. A local system user who can replace an Apache log file with a link to another important system file could therefore have that file overwritten with root privileges.
■ Ordinary users must therefore have no write permission on the directory in which the logs are stored.
■ Also, because client-supplied data ends up in the log files, a malicious client can insert control characters and similar content into the logs to attack the web server or whoever later reads the logs in a terminal. In particular, make sure clients cannot view Apache's log files through the web service itself.
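The following Python code is an added example, not part of the original guide. It parses Common and Combined Log Format lines with the field layout described above and runs the checks this section calls for over a constructed sample log: unparsable records, control characters or the \xNN escapes Apache writes for them smuggled into the request line, Referer or User-Agent (the terminal-injection case), requests for the passwd file or for the log files themselves, and 401 responses whose %u field records a claimed but unverified user name. The six log lines and the status-class tally are constructed for the example.

```python
import re
from collections import Counter

# Combined Log Format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# (a Common Log Format line is the same without the last two quoted fields).
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$')

# Raw C0 control characters, DEL, or the \xNN escapes that newer Apache releases write in
# their place: either way the client tried to smuggle a terminal sequence into the log.
CONTROL_SEQ = re.compile(r'[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]|\\x[0-9a-fA-F]{2}')
SENSITIVE_PATH = re.compile(r'/etc/passwd|/etc/shadow|access_log|error_log|\.htpasswd', re.I)

# Constructed sample log: one legitimate visit, a probe for a default CGI, a traversal
# through a symlink, a grab at the access log, a failed login, a User-Agent carrying an
# ANSI clear-screen sequence, and one line that is not a log record at all.
SAMPLE_LOG = r'''172.16.5.100 - jun [08/Apr/2003:16:03:43 +0900] "GET /php HTTP/1.1" 301 313 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
10.0.0.7 - - [08/Apr/2003:16:04:01 +0900] "GET /cgi-bin/test-cgi HTTP/1.0" 404 209 "-" "Mozilla/4.0"
10.0.0.7 - - [08/Apr/2003:16:04:02 +0900] "GET /system.html/etc/passwd HTTP/1.0" 200 1421 "-" "curl/7.10"
10.0.0.9 - - [08/Apr/2003:16:05:10 +0900] "GET /logs/access_log HTTP/1.1" 403 280 "-" "Mozilla/4.0"
10.0.0.9 - admin [08/Apr/2003:16:05:11 +0900] "GET /members/ HTTP/1.1" 401 401 "-" "Mozilla/4.0"
10.0.0.12 - - [08/Apr/2003:16:06:00 +0900] "GET /index.html HTTP/1.1" 200 512 "-" "\x1b[2J\x1b[HHAHA"
this line is not a log record
'''


def parse_line(line):
    """Parse one Common or Combined Log Format line into a dict, or return None."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    method, path, protocol = (rec["request"].split(" ") + ["", "", ""])[:3]
    rec.update(method=method, path=path, protocol=protocol, status=int(rec["status"]),
               bytes=0 if rec["bytes"] == "-" else int(rec["bytes"]))
    return rec


def review(log_text):
    """Walk a log and return (status-class counts, alerts); each alert is a
    (reason, client host, detail) tuple for one of the conditions this section warns about."""
    counts, alerts = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            alerts.append(("unparsable line", None, line[:40]))
            continue
        counts[rec["status"] // 100 * 100] += 1
        for field in ("request", "referer", "agent"):
            if rec[field] and CONTROL_SEQ.search(rec[field]):
                alerts.append(("control characters in %s" % field, rec["host"], rec[field]))
        if SENSITIVE_PATH.search(rec["path"]):
            alerts.append(("sensitive file requested", rec["host"], rec["path"]))
        if rec["status"] == 401 and rec["user"] != "-":
            # %u is the name the client claimed; on a 401 it was never verified.
            alerts.append(("failed login as %s" % rec["user"], rec["host"], rec["path"]))
    return counts, alerts
```

On the sample, review() counts two 2xx, one 3xx and three 4xx responses and raises five alerts: the /etc/passwd read through the symlink (a 200, so the FollowSymLinks problem from section D was real), the attempt on the access log, the failed login claiming to be admin, the escape sequence in the User-Agent, and the stray line. Print alerts with repr() rather than raw if you review logs in a terminal, for the same reason the last alert exists.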
Securing the Apache web server with ModSecurity
◆ Main features of ModSecurity
o Request filtering
- When a web request arrives from a client, ModSecurity analyses and filters its content before the web server or other modules process it.
o Anti-evasion techniques
- Paths and parameters are normalised before analysis, which defeats evasion attacks.
- That is, evasion strings such as "//", "\/", "." and "%00" are removed, and URL-encoded content is decoded before the rules are applied.
o HTTP protocol awareness
- Because the engine understands the HTTP protocol, it can perform very specific, fine-grained filtering.
o POST payload analysis
- Not only GET requests but also content sent with the POST method can be intercepted and analysed.
o Audit logging
- The full details of every request, POST bodies included, can be logged for later analysis.
- With blocking switched off, ModSecurity's logging alone can serve as an intrusion detection system.
o HTTPS filtering
- Because the engine is embedded in the web server, it sees request data after decryption and can therefore also filter attacks sent over HTTPS.
◆ ModSecurity installation environment
This article installed and tested ModSecurity in the following environment:
o Platform: Linux 2.6.8-2-686-smp
o Web server: Apache 2.2.0
o ModSecurity source directory: /usr/local/modsecurity-apache-1.9.2
o Apache source directory: /usr/local/httpd-2.2.0
o Apache web server home directory: /usr/local/apache2
◆ Downloading ModSecurity
The stable version to be installed, 1.9.2, can be downloaded from:
http://www.modsecurity.org/download/modsecurity-apache-1.9.2.tar.gz
After downloading, unpack the archive with the following commands (the cd must use the full path, since the directory has just been moved to /usr/local):
# tar xvzf modsecurity-apache-1.9.2.tar.gz
# mv modsecurity-apache-1.9.2 /usr/local/
# cd /usr/local/modsecurity-apache-1.9.2
# ls -al
total 84
drwxr-xr-x 6 1000 1000 4096 2006-01-17 03:36 .
drwxrwsr-x 12 root staff 4096 2006-02-22 16:07 ..
drwxr-xr-x 2 1000 1000 4096 2006-01-17 03:36 apache1
drwxr-xr-x 2 1000 1000 4096 2006-01-17 03:36 apache2
-rw-r--r-- 1 1000 1000 26381 2006-01-16 21:31 CHANGES
drwxr-xr-x 3 1000 1000 4096 2006-01-17 03:37 doc
-rw-r--r-- 1 1000 1000 1811 2006-01-09 21:33 httpd.conf.example-minimal
-rw-r--r-- 1 1000 1000 881 2005-11-01 22:52 INSTALL
-rw-r--r-- 1 1000 1000 17989 2003-05-29 05:36 LICENSE
-rw-r--r-- 1 1000 1000 994 2006-01-09 23:45 README
drwxr-xr-x 2 1000 1000 4096 2006-01-17 03:36 util
◆ Installing ModSecurity
▶ DSO installation
The DSO method adds the module dynamically to an Apache web server that is already running, without reinstalling Apache, so it is the recommended choice for organisations that already operate an Apache web server. It works the same way regardless of the Apache version:
① Compile, install and activate the ModSecurity module with apxs.
# /usr/local/apache2/bin/apxs -cia /usr/local/modsecurity-apache-1.9.2/apache2/mod_security.c
The command above compiles mod_security.c (-c), installs the shared object into the web server's modules directory (-i), and adds the appropriate LoadModule line to the Apache configuration file httpd.conf (-a).
For reference, apxs is the tool for compiling and installing Apache extension modules: from one or more source and object files it builds a dynamic shared object (DSO) that a running Apache server can load with the LoadModule directive. The result of the command above is a mod_security.so in the modules directory and the line "LoadModule security_module modules/mod_security.so" added to httpd.conf.
② Check that the module was installed correctly. Because it was built as a DSO it does not appear in the "Compiled in modules" list printed by httpd -l (that list contains only statically linked modules, and is the right check for the static build described below); list the loaded modules with httpd -M instead, which shows both static and shared modules (available from Apache 2.2):
linux-web:/usr/local/apache2/bin# ./httpd -M
Loaded Modules:
 core_module (static)
 ...
 so_module (static)
 ...
 security_module (shared)
③ Restart the Apache web server.
# <apache-home>/bin/apachectl stop
# <apache-home>/bin/apachectl start
This completes the installation of the ModSecurity module, but since no rules have been defined yet it does not block any attacks. To make it operational, see the configuration for enabling ModSecurity and defining rules in the next section.
▶ Installation by compiling into the Apache source
When ModSecurity is compiled statically rather than as a DSO, the module becomes part of the web server binary itself. This runs somewhat faster than a DSO, but Apache has to be reinstalled from scratch and the installation is slightly more involved.
The preparatory steps also differ by Apache version.
<Apache 1.x>
$ cd <apache1-source>
$ cp <modsecurity-source>/apache1/mod_security.c ./src/modules/extra
$ ./configure --activate-module=src/modules/extra/mod_security --enable-module=security
<Apache 2.x>
$ cd <apache2-source>
$ cp <modsecurity-source>/apache2/mod_security.c ./modules/proxy
$ ./configure --enable-security --with-module=proxy:mod_security.c
After these steps for Apache 1.x or 2.x, the usual Apache build and install follows:
make
make install
/usr/local/apache2/bin/apachectl start
Unlike the DSO method, a static build adds nothing to httpd.conf (with a static build mod_security.c does show up in the output of httpd -l). As with the DSO method, the ModSecurity activation and rule-definition configuration in the next section is required before anything is filtered.
◆ Example ModSecurity rule configuration
##### Configuration #####
SecFilterEngine On
SecFilterScanPost On
SecFilterScanOutput Off
SecFilterOutputMimeTypes "(null) text/html text/plain"
##### Validation #####
SecFilterCheckURLEncoding On
SecUploadDir /tmp
SecUploadKeepFiles Off
SecFilterCheckUnicodeEncoding Off
SecFilterForceByteRange 1 255
SecFilterDefaultAction "log,deny,status:403"
##### Logging #####
SecFilterDebugLog logs/modsec_debug.log
SecFilterDebugLevel 1
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
##### Hardening #####
# Block GET or HEAD requests that carry a body (very likely an attack)
SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Length "!^$"
SecFilterSelective SERVER_PROTOCOL "!^HTTP/(0\.9|1\.0|1\.1)$"
# Block POST requests without a Content-Length header
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
##### General #####
SecFilterSelective HTTP_Host|HTTP_User-Agent|HTTP_Accept "^$"
SecFilterSelective HTTP_User-Agent "(libwhisker|paros|wget|libwww|perl|curl|java)"
##### SQL Injection Attacks #####
##### (Adjust these rules if a database administration tool such as phpMyAdmin is in use: its legitimate queries will match) #####
SecFilterSignatureAction "log,deny,msg:'SQL Injection attack'"
SecFilterSelective ARGS "delete[[:space:]]+from"
SecFilterSelective ARGS "drop[[:space:]]+database"
SecFilterSelective ARGS "drop[[:space:]]+table"
SecFilterSelective ARGS "drop[[:space:]]+column"
SecFilterSelective ARGS "drop[[:space:]]+procedure"
SecFilterSelective ARGS "create[[:space:]]+table"
SecFilterSelective ARGS "update.+set.+="
SecFilterSelective ARGS "insert[[:space:]]+into.+values"
SecFilterSelective ARGS "select.+from"
SecFilterSelective ARGS "bulk[[:space:]]+insert"
SecFilterSelective ARGS "union.+select"
SecFilterSelective ARGS "or.+1[[:space:]]*=[[:space:]]1"
SecFilterSelective ARGS "alter[[:space:]]+table"
SecFilterSelective ARGS "or 1=1--'"
SecFilterSelective ARGS "'.+--"
SecFilterSelective ARGS "into[[:space:]]+outfile"
SecFilterSelective ARGS "load[[:space:]]+data"
SecFilterSelective ARGS "/\*.+\*/"
##### XSS Attacks #####
SecFilterSignatureAction "log,deny,msg:'XSS attack'"
SecFilterSelective ARGS "<script"
SecFilterSelective ARGS "javascript:"
SecFilterSelective ARGS "vbscript:"
SecFilterSelective ARGS "document\.cookie"
SecFilterSelective ARGS "document\.location"
SecFilterSelective ARGS "document\.write"
##### Command Execution #####
SecFilterSignatureAction "log,deny,msg:'Command execution attack'"
SecFilterSelective ARGS_VALUES ";[[:space:]]*(ls|id|pwd|wget)"
##### PHP Attacks #####
##### (Applying this section breaks payment processing on shopping sites, whose callbacks pass URLs as parameters) #####
SecFilterSignatureAction "log,deny,msg:'PHP Injection Attacks'"
SecFilterSelective ARGS_VALUES "^http:/"
SecFilterSelective ARGS_NAMES "(^globals\[|^globals$)"
#############################
# < For web hosting providers >
#
# This rule set is a minimal attack-blocking rule set usable on a web hosting server
# that runs many web sites. Use it as a starting point and customise it to suit
# each site. Once the rules have been customised, change "pass" to "deny" in
# SecFilterDefaultAction so that detected attacks are blocked instead of only logged.
#
#############################
#############################
# 1. Whether ModSecurity is active
# SecFilterEngine On | Off
# On : enable ModSecurity
# Off : disable ModSecurity
SecFilterEngine On
#############################
# 2. Basic settings
# Action taken by default when a rule matches
# SecFilterDefaultAction "action"
# action : deny, pass, allow, status:<Apache error code>
#
# After customising the rules, change pass to deny in SecFilterDefaultAction so that
# detected attacks are blocked. Until then every match below is only logged.
#
# SecFilterDefaultAction "deny,log,status:406"
SecFilterDefaultAction "pass,log"
# Record attack-related detail beyond what Apache's own logs hold
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
# Change the web server's header (Server banner). In ModSecurity 1.9 this only takes
# effect when ServerTokens is set to Full, because the module overwrites the signature
# string Apache has already built.
SecServerSignature "Microsoft-IIS/5.0"
# Inspect the payload of POST requests
SecFilterScanPost On
# Verify that the URL encoding of the request is valid; requests containing malformed
# %xx sequences are rejected. Decoding itself always happens before the rules run.
SecFilterCheckURLEncoding On
# SecFilterCheckUnicodeEncoding: set On only on a server that uses UTF-8 exclusively
SecFilterCheckUnicodeEncoding Off
#############################
# 3. Blocking PHP injection attacks (including those aimed at Zeroboard)
SecFilterSignatureAction "msg:'PHP Injection Attacks'"
SecFilterSelective ARGS_VALUES "^http:/"
SecFilterSelective REQUEST_URI "/include/write\.php\?dir=(ftp|http):"
SecFilterSelective REQUEST_URI "/include/print_category\.php\?setup=1&dir=(ftp|http):"
SecFilterSelective REQUEST_URI "/zero_vote/error\.php\?dir=(ftp|http):"
SecFilterSelective REQUEST_URI "/outlogin\.php\?_zb_path=(ftp|http):"
SecFilterSelective REQUEST_URI "filename=\|"
SecFilterSelective REQUEST_URI "check_user_id\.php\?user_id=<script>alert(document\.cookie)"
#############################
# 4. Blocking command execution
SecFilterSignatureAction "msg:'Command execution attack'"
SecFilterSelective ARGS_VALUES ";[[:space:]]*(ls|id|pwd|wget|cd)"
#############################
# 5. Blocking XSS attacks
SecFilterSignatureAction "msg:'XSS attack'"
SecFilterSelective ARGS "alert[[:space:]]*\("
SecFilterSelective ARGS "&#[0-9a-fA-F]{2}"
SecFilterSelective ARGS "eval[[:space:]]*\("
SecFilterSelective ARGS "onKeyUp"
SecFilterSelective ARGS "\x5cx[0-9a-fA-F]{2}"
SecFilterSelective ARGS "fromCharCode"
SecFilterSelective ARGS "&\{.+\}"
SecFilterSelective ARGS "<.+>"
SecFilterSelective ARGS "vbscript:"
SecFilterSelective ARGS "http-equiv"
SecFilterSelective ARGS "-->"
SecFilterSelective ARGS "expression[[:space:]]*\("
SecFilterSelective ARGS "url[[:space:]]*\("
SecFilterSelective ARGS "innerHTML"
SecFilterSelective ARGS "document\.body"
SecFilterSelective ARGS "document\.cookie"
SecFilterSelective ARGS "document\.location"
SecFilterSelective ARGS "document\.write"
SecFilterSelective ARGS "style[[:space:]]*="
SecFilterSelective ARGS "dynsrc"
SecFilterSelective ARGS_VALUES "jsessionid"
SecFilterSelective ARGS_VALUES "phpsessid"
#############################
# 6. Blocking SSI injection attacks
SecFilterSignatureAction "msg:'SSI injection attack'"
SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*exec"
SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*cmd"
SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*echo"
SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*include"
SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*printenv"
#############################
# 7. Spammer bots (address harvesters)
SecFilterSignatureAction "msg:'Robot attack'"
SecFilterSelective HTTP_USER_AGENT "WebBandit"
SecFilterSelective HTTP_USER_AGENT "WEBMOLE"
SecFilterSelective HTTP_USER_AGENT "Telesoft*"
SecFilterSelective HTTP_USER_AGENT "WebEMailExtractor"
SecFilterSelective HTTP_USER_AGENT "CherryPicker*"
SecFilterSelective HTTP_USER_AGENT "NICErsPRO"
SecFilterSelective HTTP_USER_AGENT "Advanced Email Extractor*"
SecFilterSelective HTTP_USER_AGENT "EmailSiphon"
SecFilterSelective HTTP_USER_AGENT "Extractorpro"
SecFilterSelective HTTP_USER_AGENT "webbandit"
SecFilterSelective HTTP_USER_AGENT "EmailCollector"
SecFilterSelective HTTP_USER_AGENT "WebEMailExtrac*"
SecFilterSelective HTTP_USER_AGENT "EmailWolf"
SecFilterSelective HTTP_USER_AGENT "Microsoft URL Control"
SecFilterSelective HTTP_USER_AGENT "^Microsoft URL"
###########################################
# 8. Blocking attacks that arrive via search engine reconnaissance (Google hacking)
SecFilterSignatureAction "msg:'Recon/Google attack'"
SecFilterSelective HTTP_Referer "Powered by Gravity Board"
SecFilterSelective HTTP_Referer "Powered by SilverNews"
SecFilterSelective HTTP_Referer "Powered.*PHPBB.*2\.0\.\ inurl\:"
SecFilterSelective HTTP_Referer "PHPFreeNews inurl\:Admin\.php"
SecFilterSelective HTTP_Referer "inurl.*/cgi-bin/query"
SecFilterSelective HTTP_Referer "inurl.*tiki-edit_submission\.php"
SecFilterSelective HTTP_Referer "inurl.*wps_shop\.cgi"
SecFilterSelective HTTP_Referer "inurl.*edit_blog\.php.*filetype\:php"
SecFilterSelective HTTP_Referer "inurl.*passwd.txt.*wwwboard.*webadmin"
SecFilterSelective HTTP_Referer "inurl.*admin\.mdb"
SecFilterSelective HTTP_Referer "filetype:sql \x28\x22passwd values.*password values.*pass values"
SecFilterSelective HTTP_Referer "filetype.*blt.*buddylist"
SecFilterSelective HTTP_Referer "File Upload Manager v1\.3.*rename to"
SecFilterSelective HTTP_Referer "filetype\x3Aphp HAXPLORER .*Server Files Browser"
SecFilterSelective HTTP_Referer "inurl.*passlist\.txt"
SecFilterSelective HTTP_Referer "wwwboard WebAdmininurl\x3Apasswd\.txt wwwboard\x7Cwebadmin"
SecFilterSelective HTTP_Referer "Enter ip.*inurl\x3A\x22php-ping\.php\x22"
SecFilterSelective HTTP_Referer "intitle\.*PHP Shell.*Enable stderr.*filetype\.php"
SecFilterSelective HTTP_Referer "inurl\.*install.*install\.php"
SecFilterSelective HTTP_Referer "Powered by PHPFM.*filetype\.php -username"
SecFilterSelective HTTP_Referer "inurl\.*phpSysInfo.*created by phpsysinfo"
SecFilterSelective HTTP_Referer "SquirrelMail version 1\.4\.4.*inurl:src ext\.php"
SecFilterSelective HTTP_Referer "inurl\.*webutil\.pl"
#############################
# 9. Rules for known phpMyAdmin vulnerabilities
# "subform" local file inclusion vulnerability
SecFilterSignatureAction "msg:'PHPMyAdmin attack'"
SecFilterSelective REQUEST_URI "/libraries/grab_globals\.lib\.php" chain
SecFilterSelective ARG_subform "(/|\.\.|(http|https|ftp)\:/)"
SecFilterSelective REQUEST_URI "/libraries/grab_globals\.lib\.php" chain
SecFilter "usesubform.*=.*&usesubform.*=.*&subform.*(/|\.\.|(http|https|ftp)\:/)"
# Path traversal vulnerability
SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc"
SecFilterSelective REQUEST_URI "/phpMyAdmin/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=(/|.*\.\./)"
# Cross-site scripting vulnerability in the charset conversion parameter
SecFilterSelective REQUEST_URI "/phpmyadmin/index\.php\?pma_username=*&pma_password=*&server=.*&lang=.*&convcharset=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
# export.php file disclosure vulnerability
SecFilterSelective SCRIPT_FILENAME "export\.php$" chain
SecFilterSelective ARG_what "\.\."
# XSS vulnerabilities
SecFilterSelective ARG_HTTP_HOST "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript\:)"
SecFilterSelective REQUEST_URI "libraries/auth/cookie\.auth\.lib\.php" chain
SecFilter "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
SecFilterSelective REQUEST_URI "/error\.php" chain
SecFilterSelective ARG_error "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
# register_globals emulation "import_blacklist" manipulation vulnerability
SecFilterSelective REQUEST_URI "/grab_globals\.php" chain
SecFilterSelective ARG_import_blacklist "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|(http|https|ftp)\:/)"
#############################
# 10. Miscellaneous
# Block every HTTP request protocol other than the permitted ones (HTTP/0.9, 1.0 or 1.1)
# SecFilterSelective SERVER_PROTOCOL "!^HTTP/(0\.9|1\.0|1\.1)$" "msg:'Not allowed HTTP Protocol'"
# Block access to the /etc/passwd file
SecFilterSelective THE_REQUEST "/etc/passwd"
# Forbid SMTP redirection through the web server (proxying to port 25)
SecFilterSelective THE_REQUEST "^(http|https)\:/.+:25"
# Block directory traversal attacks
# SecFilter "\.\./"
#############################
# 11. Blocking SQL injection attacks
# Legitimate requests made through phpMyAdmin can be misdetected as SQL injection by these rules.
# If phpMyAdmin is not in use, remove the comment marks (#) below and enable them.
# SecFilterSignatureAction "msg:'SQL injection attack'"
# SecFilterSelective ARGS "delete[[:space:]]+from"
# SecFilterSelective ARGS "drop[[:space:]]+database"
# SecFilterSelective ARGS "drop[[:space:]]+table"
# SecFilterSelective ARGS "drop[[:space:]]+column"
# SecFilterSelective ARGS "drop[[:space:]]+procedure"
# SecFilterSelective ARGS "create[[:space:]]+table"
# SecFilterSelective ARGS "update.+set.+="
# SecFilterSelective ARGS "insert[[:space:]]+into.+values"
# SecFilterSelective ARGS "select.+from"
# SecFilterSelective ARGS "bulk[[:space:]]+insert"
# SecFilterSelective ARGS "union.+select"
# SecFilterSelective ARGS "or.+1[[:space:]]*=[[:space:]]1"
# SecFilterSelective ARGS "alter[[:space:]]+table"
# SecFilterSelective ARGS "or 1=1--'"
# SecFilterSelective ARGS "'.+--"
# SecFilterSelective ARGS "into[[:space:]]+outfile"
# SecFilterSelective ARGS "load[[:space:]]+data"
# SecFilterSelective ARGS "/\*.+\*/"
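The Python evaluator below is an added example, not part of the original article or of ModSecurity itself. It implements, for a subset of the rules above, the behaviour the comments describe: the anti-evasion normalisation (percent-decoding, backslash to slash, collapsing // and /./), the ARGS/ARGS_NAMES/ARGS_VALUES/THE_REQUEST/HTTP_header locations, POST body fields joining ARGS as SecFilterScanPost On implies, "chain" rules that fire only when every part matches, and the pass-versus-deny choice made by SecFilterDefaultAction. The rules quoted and the seven requests are constructed input; matching is made case-insensitive here (an assumption made so that "select.+from" catches an upper-case SELECT), and the "pma" request reproduces the phpMyAdmin false positive the comments in sections 11 and "SQL Injection Attacks" warn about.

```python
import re
import shlex
from urllib.parse import unquote, unquote_plus, urlsplit

# A subset of the rule set above, quoted as constructed input for the evaluator.
RULES = r'''
SecFilterDefaultAction "pass,log"
SecFilterSignatureAction "msg:'SQL Injection attack'"
SecFilterSelective ARGS "select.+from"
SecFilterSelective ARGS "union.+select"
SecFilterSignatureAction "msg:'XSS attack'"
SecFilterSelective ARGS "<script"
SecFilterSelective ARGS "document\.cookie"
SecFilterSignatureAction "msg:'Command execution attack'"
SecFilterSelective ARGS_VALUES ";[[:space:]]*(ls|id|pwd|wget)"
SecFilterSignatureAction "msg:'POST without Content-Length'"
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSignatureAction "msg:'/etc/passwd access'"
SecFilterSelective THE_REQUEST "/etc/passwd"
'''

# Constructed requests: three plain attacks, an encoded traversal, a legitimate phpMyAdmin
# query (the false positive warned about above), a POST without a length, and a page fetch.
REQUESTS = {
    "sqli": {"method": "GET", "uri": "/board/view.php?id=1%20UNION%20SELECT%20user,pw%20FROM%20members"},
    "xss": {"method": "GET", "uri": "/search.php?q=%3Cscript%3Edocument.cookie%3C/script%3E"},
    "cmd": {"method": "GET", "uri": "/cgi-bin/ping.cgi?host=127.0.0.1;%20id"},
    "evasion": {"method": "GET", "uri": "/cgi-bin//./.%2e/%65tc/passwd"},
    "pma": {"method": "POST", "uri": "/phpmyadmin/sql.php", "headers": {"Content-Length": "39"},
            "body": "sql_query=SELECT+*+FROM+members+LIMIT+10"},
    "post_no_cl": {"method": "POST", "uri": "/upload.php", "body": ""},
    "clean": {"method": "GET", "uri": "/index.html"},
}


def normalize(path):
    """Anti-evasion normalisation: decode %xx, map backslash to slash, collapse // and /./
    so the regexes see one canonical spelling of the path."""
    path = unquote(path).replace("\\", "/")
    while "//" in path:
        path = path.replace("//", "/")
    while "/./" in path:
        path = path.replace("/./", "/")
    return path


def parse_args(query):
    """Decode name=value pairs (split on & only, so a ';' in a value survives for rule 4)."""
    pairs = [p.partition("=") for p in query.split("&") if p]
    return [(unquote_plus(k), unquote_plus(v)) for k, _, v in pairs]


def variables(req):
    """Build the rule locations used above from a request; body fields join ARGS."""
    parts = urlsplit(req["uri"])
    uri = normalize(parts.path) + ("?" + unquote(parts.query) if parts.query else "")
    args = parse_args(parts.query) + parse_args(req.get("body", ""))
    v = {"REQUEST_METHOD": req["method"], "REQUEST_URI": uri,
         "THE_REQUEST": "%s %s HTTP/1.1" % (req["method"], uri),
         "ARGS": ["%s=%s" % kv for kv in args],
         "ARGS_NAMES": [k for k, _ in args], "ARGS_VALUES": [val for _, val in args]}
    for name, val in req.get("headers", {}).items():
        v["HTTP_" + name] = val
    v.setdefault("HTTP_Content-Length", "")  # absent header is the empty string, so "^$" matches
    return v


def load_rules(text):
    """Parse the 1.9 directives used above into chains of ([(location, regex, negated)], msg)."""
    chains, pending, msg, default = [], [], "", "pass,log"
    for line in text.splitlines():
        toks = shlex.split(line)
        if not toks or toks[0].startswith("#"):
            continue
        if toks[0] == "SecFilterDefaultAction":
            default = toks[1]
        elif toks[0] == "SecFilterSignatureAction":
            m = re.search(r"msg:'([^']*)'", toks[1])
            msg = m.group(1) if m else toks[1]
        elif toks[0] == "SecFilterSelective":
            loc, pat = toks[1], toks[2]
            # [[:space:]] is the only non-Python syntax in the rules above; matching is
            # case-insensitive here by assumption (see the lead-in).
            rx = re.compile(pat.lstrip("!").replace("[[:space:]]", r"\s"), re.I)
            pending.append((loc, rx, pat.startswith("!")))
            if "chain" not in toks[3:]:
                chains.append((pending, msg))
                pending = []
    return chains, default


def matches(value, rx, negated):
    values = value if isinstance(value, list) else [value]
    hit = any(rx.search(x) for x in values)
    return not hit if negated else hit


def evaluate(req, chains, default):
    """Return (msg, action) for every chain whose parts all match; the action comes from
    SecFilterDefaultAction ("pass,log" only logs, "deny,..." blocks)."""
    v = variables(req)
    action = "deny" if "deny" in default.split(",") else "pass"
    return [(msg, action) for parts, msg in chains
            if all(matches(v.get(loc, ""), rx, neg) for loc, rx, neg in parts)]
```

With the rules as given, every hit comes back as "pass": the hosting-provider set above deliberately logs only, until the operator has reviewed the audit log and flipped SecFilterDefaultAction to deny. The "evasion" request shows why normalisation precedes matching: the raw URI never contains the string /etc/passwd, but after decoding %65 and collapsing //./ the THE_REQUEST rule fires. The "pma" request shows the cost of the SQL signatures: a legitimate SELECT ... FROM typed into phpMyAdmin is flagged exactly like the UNION SELECT in the "sqli" request, which is what the commented-out section 11 is about.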
Source: http://kikook.tistory.com/481