ModSecurity Handbook: Getting Started - Bad Request
I generally try to use binary packages when they are available (and they are available on Debian,
which is currently my platform of choice). When I build dedicated reverse proxy installations,
however, I tend to build everything from source, because that allows me access to the
latest Apache and ModSecurity versions, and makes it easier to tweak things (by changing the
source code of either Apache or ModSecurity) when I want to.

Installation from Source

Installing from source is the preferred approach to installing ModSecurity, mostly because
that way you get the latest (and best) version, and because you are able to make any changes
you want.

Downloading Releases

To download ModSecurity, go to its web site [https://www.modsecurity.org] or the SourceForge
project page [http://sourceforge.net/projects/mod-security/]. You will need both the
main distribution and the cryptographic signature:

$ wget http://www.modsecurity.org/download/modsecurity-apache_2.5.10-dev2.tar.gz
$ wget http://www.modsecurity.org/download/modsecurity-apache_2.5.10-dev2.tar.gz.asc

Verify the signature before doing anything else. That will ensure that the package you’ve just
downloaded does not contain a trojan horse planted by a third party and that it hasn’t been
corrupted during transport.

$ gpg --verify modsecurity-apache_2.5.10-dev2.tar.gz.asc
gpg: Signature made Wed 12 Aug 2009 23:27:06 BST using DSA key ID E77B534D
gpg: Can't check signature: public key not found

Your first attempt may not provide the expected results, but that can be solved easily by importing
the referenced key from a key server:

$ gpg --recv-keys E77B534D
gpg: requesting key E77B534D from hkp server keys.gnupg.net
gpg: /home/guest/.gnupg/trustdb.gpg: trustdb created
gpg: key E77B534D: public key "Brian Rectanus (work) " …
imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1

Now you can try again:

$ gpg --verify modsecurity-apache_2.5.10-dev2.tar.gz.asc
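
A key fetched from a key server by its short ID does not by itself establish who owns it, which is what the "no ultimately trusted keys found" line is pointing at. The script below is an added example, not from the handbook: it accepts a download only when GnuPG's machine-readable status lines report a valid signature from a full fingerprint obtained out-of-band. `PINNED_FPR`, the function names and every sample status line are constructed placeholders, not the real release key or real gpg output.

```shell
#!/bin/sh
# Added example, not from the handbook. Sample data below is constructed.
# PINNED_FPR stands for the signer's full fingerprint obtained out-of-band;
# the value here is a placeholder, not the real ModSecurity release key.
PINNED_FPR=0123456789ABCDEF0123456789ABCDEF01234567

# check_sig_status FPR: reads `gpg --status-fd 1 --verify` output on stdin.
# Returns 0 only when a VALIDSIG line names FPR (signing key or primary key)
# and no failure status is present; 1 when rejected; 2 when FPR is unusable.
check_sig_status() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$want" in ''|*[!0-9A-F]*) return 2 ;; esac
    # Short key IDs such as the 8-digit one gpg prints are easy to collide.
    [ "${#want}" -ge 40 ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|NO_PUBKEY|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# Constructed status lines for the first attempt (key not in the keyring).
sample_first_attempt() {
    printf '%s\n' \
        '[GNUPG:] ERRSIG 89ABCDEF01234567 17 2 00 1250116026 9' \
        '[GNUPG:] NO_PUBKEY 89ABCDEF01234567'
}

# Constructed status lines for the retry after the key has been imported.
sample_second_attempt() {
    printf '%s\n' \
        '[GNUPG:] SIG_ID constructedSigId 2009-08-12 1250116026' \
        '[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer' \
        "[GNUPG:] VALIDSIG $PINNED_FPR 2009-08-12 1250116026 0 3 0 17 2 00 $PINNED_FPR"
}

sample_first_attempt  | check_sig_status "$PINNED_FPR" || echo "first attempt: rejected"
sample_second_attempt | check_sig_status "$PINNED_FPR" && echo "second attempt: accepted"
```

Against a real download, pipe `gpg --status-fd 1 --verify modsecurity-apache_2.5.10-dev2.tar.gz.asc modsecurity-apache_2.5.10-dev2.tar.gz 2>/dev/null` into `check_sig_status` with the fingerprint you have confirmed through a separate channel.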