github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
ModSecurity/java/ModSecurityTestApp/web/help.html
Mihai Pitu e1cd024c26 configs
2016-01-29 10:39:56 -03:00

185 lines
9.8 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<title>ModSecurity WAF: Help page</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
.code {
font-family: Courier;
font-size: 14px;
}
.codecanvas {
background: #DDDDDD;
}
</style>
</head>
<body style="background: #333333;">
<div align="center" style="width:930px; margin:0 auto; box-shadow: 5px 5px 6px #000; background: #FFFFFF;">
<div style="width: 930px;">
<img border="0" height="101" alt="ModSecurity: Open Source Web Application Firewall" src="http://www.modsecurity.org/g/header-top.jpg" />
</div>
<div style="width: 930px;">
<table width="90%" cellspacing="0" cellpadding="0" border="0">
<tr>
<td>
<h2 style="font-family: Arial;">ModSecurity for Java - Help Page</h2>
</td>
</tr>
<tr>
<td>
<p>
<b>ModSecurity</b> is an open source intrusion detection and prevention engine for web
applications. It can also be called an web application firewall. It operates embedded into
the web server, acting as a powerful umbrella, shielding applications from attacks.
</p>
<p>
ModSecurity for Java is designed as a <a href="http://www.oracle.com/technetwork/java/filters-137243.html">Java Filter</a> which makes use of ModSecurity's
<a href="https://github.com/SpiderLabs/ModSecurity">native code</a> using the <b>JNI technology</b>.
</p>
<br />
<h2>Installation</h2>
<p>
First you need to choose whether to download and compile ModSecurity from the project's version control web-site:
<a href="https://github.com/SpiderLabs/ModSecurity">github.com/SpiderLabs/ModSecurity</a> or using pre-compiled binaries from
<a href="https://www.modsecurity.org/">modsecurity.org</a>.
The native libraries (.so, .dll, etc.) needed for <b>ModSecurity for Java</b> are:
</p>
<ol>
<li>
zlib1 (Windows only)
</li>
<li>
libxml2
</li>
<li>
pcre
</li>
<li>
libapr-1
</li>
<li>
libapriconv-1 (Windows only)
</li>
<li>
libaprutil-1
</li>
<li>
ModSecurityJNI (JNI wrapper for mod_security code)
</li>
</ol>
<p>
These native libraries are used by the <a class="code" href="../src/java/org/modsecurity/ModSecurityFilter.java">ModSecurityFilter</a>.
</p>
<br />
<h3>Compile ModSecurity native library</h3>
<p>
Install required packages for compilation. For example, on Debian/Ubuntu like systems (Windows users have a Visual Studio solution):
</p>
<pre class="codecanvas">
sudo apt-get install g++ make automake autoconf libtool
</pre>
<p>
Install required dependent packages:
</p>
<pre class="codecanvas">
sudo apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev apache2-prefork-dev
</pre>
<p>
Download mod_security source code from <a href="https://github.com/mihaipitu/ModSecurity">GitHub</a>, compile and install:
</p>
<pre class="codecanvas">
cd mod_security/
./autogen.sh
./configure --enable-java-module
make
</pre>
<p>
Copy compiled library in a convenient folder:
</p>
<pre class="codecanvas">
sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/
</pre>
<br />
<h3>Java Web Applications with ModSecurity Filter</h3>
<p>
ModSecurity for Java uses <a href="http://www.oracle.com/technetwork/java/filters-137243.html">Java Filters</a> in order to
intercept Http requests and responses. <b>ModsecurityTestApp</b> is an example of Java EE Web application using the ModSecurity
Filter. To use ModSecurity Filter in your Web application, copy the source files from
<span class="code">mod_security/java/ModSecurityTestApp/src/</span>
in your application and add the following entry for the filter tag in your <b>web.xml</b> file:
</p>
<pre class="codecanvas"><code >
&lt;filter&gt;
&lt;filter-name&gt;ModSecurityFilter&lt;/filter-name&gt;
&lt;filter-class>org.modsecurity.ModSecurityFilter&lt;/filter-class&gt;
&lt;init-param&gt;
&lt;param-name&gt;conf&lt;/param-name&gt;
&lt;param-value&gt;c:\inetpub\wwwroot\owasp-crs\modsecurity.conf&lt;/param-value&gt;
&lt;!-- Path to the main configuration file of ModSecurity. You can activate the core
rules by including in modsecurity.conf file:
Include modsecurity_crs_10_setup.conf
Include activated_rules\*.conf
--&gt;
&lt;/init-param&gt;
&lt;/filter&gt;
&lt;filter-mapping&gt;
&lt;filter-name&gt;ModSecurityFilter&lt;/filter-name&gt;
&lt;url-pattern&gt;/*&lt;/url-pattern&gt;
&lt;/filter-mapping&gt;
&lt;/filter&gt;
</code>
</pre>
<p>
The ModSecurity Filter makes use of the native libraries written in C/C++ using the JNI technology.
There are two ways of loading native libraries by Java Web Applications:
<ol>
<li>
<h4>Loading native libraries directly in the ModSecurityFilter</h4>
<p>
Although this is the easier, this is not recommended because the JVM will raise
<span class="code">UnsatisfiedLinkError</span> if the ModSecurity Filter is used in
multiple applications within the same server.
The libraries are loaded in the <a class="code" href="../src/java/org/modsecurity/ModSecurity.java">ModSecurity</a> class using
<span class="code">System.loadLibrary()</span>. In this case the server has to be started with
the following VM options:
</p>
<pre class="codecanvas">
-Djava.library.path=/path/to/libraries/folder/
</pre>
<p>
You can specify multiple folders for the <span class="code">java.library.path</span> variable by using
: (colon) or ; (semi-colon), depending on your environment.
</p>
</li>
<li>
<h4>Loading native libraries when the Web Server starts</h4>
<p>
<a class="code" href="../../ModSecurityLoader/dist/ModSecurityLoader.jar">ModSecurityLoader.jar</a> should be placed
in the Java server library loader folder (for example, in Tomcat 7: <span class="code">$CATALINA_HOME/lib</span>).
You can build or modify the load directory of <span class="code">ModSecurityLoader</span> from
<span class="code">/mod_security/java/ModSecurityLoader/src/</span>.
</p>
</li>
</ol>
<br/>
<br/>
<br/>
</td>
</tr>
</table>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink