[求助]如何配置服务器 gzip 和 security

nothing9

debian sarge
apt-get install apache php4 libapache-mod-gzip libapache-mod-security

在http.conf未找到任何和 gzip , security 相关的配置,关于 security 按照debian区一篇精华帖做了:

在httpd.conf的末尾加上
<IfModule mod_security.c>
# 打开或者关闭过滤引擎
SecFilterEngine On
# 设置缺省的动作
SecFilterDefaultAction "deny,log,status:404"
# 把设置传递给字目录
SecFilterInheritance Off
# 检测URL编码是否正确
SecFilterCheckURLEncoding On
# 检测内容长度以避免堆溢出攻击
SecFilterForceByteRange 32 126
# 日志文件的位置和名字
SecAuditLog logs/audit_log
# debug设置
SecFilterDebugLog logs/modsec_debug_log
SecFilterDebugLevel 0
# 检测POST数据
SecFilterScanPOST On
# 当匹配sh的时候,重新定向到一个特殊的页面,让攻击者知难而退
SecFilter sh redirect:http://secu.zzu.edu.cn/hack/fu.htm
# Only check the body of the POST request
#过滤一些敏感的东西，我们使用*是为了攻击者使用/etc/./passwd来绕开检测
SecFilter /etc/*passwd
SecFilter /bin/*sh
# 防止double dot攻击
SecFilter "../"
# 防止跨站脚本(CSS)攻击
SecFilter "<( | )*script"
SecFilter "<(.| )+>"
# 防止SQL插入(SQL Injection)攻击
SecFilter "delete(空格| )+from"
SecFilter "insert(空格| )+into"
SecFilter "select(空格| )+from"
# 下面是限制了upload.php文件只能用来上传jpeg.bmp和gif的图片
<Location /upload.php>
SecFilterInheritance Off
SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
</Location>
</IfModule>

可提示文件audit_log和modsec_debug_log打不开.
请指点!谢!

nothing9

如何检测配置了mod_security后，是否生效？

nothing9

<IfModule mod_security.c>
SecFilterEngine On
SecFilterDefaultAction "deny,log,status:403"
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterForceByteRange 1 255
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit_log
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log
SecFilterSelective REQUEST_METHOD "!^GET$" chain
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecUploadDir /tmp
SecUploadKeepFiles Off
SecFilter "../"
SecFilter /etc/password
SecFilter /etc/group
SecFilter /etc/shadow
SecFilter /bin/ls
SecFilter "delete[:space:]+from"
SecFilter "insert[:space:]+into"
SecFilter "update[:space:]+set"
SecFilter "select.+from"
SecFilterSelective OUTPUT "Fatal error:" deny,status:500
</IfModule>

怎么知道mod_security起作用了？

nothing9

把下列配置加入httpd.conf尾部。
# MOD_GZIP configuration

　　mod_gzip_on Yes
　　mod_gzip_minimum_file_size 1002
　　mod_gzip_maximum_file_size 0
　　mod_gzip_maximum_inmem_size 60000
　　mod_gzip_item_include mime "application/x-httpd-php"
　　mod_gzip_item_include mime text/*
　　mod_gzip_item_include mime "httpd/unix-directory"
　　mod_gzip_dechunk Yes
　　mod_gzip_temp_dir "/tmp"
　　mod_gzip_keep_workfiles No
　　mod_gzip_item_include file "\.php3$"
　　mod_gzip_item_include file "\.txt$"
　　mod_gzip_item_include file "\.html$"
　　mod_gzip_item_exclude file "\.css$"
　　mod_gzip_item_exclude file "\.js$"

在保存修改后运行 /bin/apachectl configtest 确保配置修改无误。

然后用apachectl restart指令重起服务。

请问：又怎么知道 mod_gzip 起作用了呢？