2022年5月11日 星期三

[研究]XAMPP 7.4.29.0 與 Apache mod_security (WAF) 安裝設定測試 (Windows 2019)

[研究]XAMPP 7.4.29.0 與 Apache mod_security (WAF) 安裝設定測試 (Windows 2019)

2022-05-11

續這篇

[研究]XAMPP 8.1.5 安裝
https://shaurong.blogspot.com/2022/05/xampp-815.html

因故要找個於Windows上安裝後就有Apache Web Server和ModSecurity可用軟體。

官方網站
https://www.apachefriends.org/zh_tw/download.html

模組

https://bitnami.com/stack/xampp?utm_source=bitnami&utm_medium=installer&utm_campaign=XAMPP%2BInstaller

AMPP 分別指 Apache (網站), MariaDB (資料庫), PHP (網頁), Perl (網頁)

包含: Apache 2.4.53, MariaDB 10.4.24, PHP 7.4.29, phpMyAdmin 5.1.3, OpenSSL 1.1.1, XAMPP Control Panel 3.2.4, Webalizer 2.23-04, Mercury Mail Transport System 4.63, FileZilla FTP Server 0.9.41, Tomcat 8.5.78 (with mod_proxy_ajp as connector), Strawberry Perl 5.32.1.1 Portable

下載 xampp-windows-x64-7.4.29-0-VC15-installer.exe 於 Windows Server 2019 上安裝


















再來測試 ModSecurity

修改Apache 的 httpd.conf 設定檔

尋找這2個,有就把註解 (#) 拿掉,沒有就新增

LoadModule security2_module modules/mod_security2.so

LoadModule unique_id_module modules/mod_unique_id.so

不幸2個都沒有,也就是 XAMPP 在編譯 Apche httpd 時有可能沒有製作這2個模組,新增賭賭運氣,存檔,Stop Apache,再 Start Apache 讓 httpd.conf 設定生效。








啟動失敗


上午 08:29:43  [Apache] 	Status change detected: stopped
上午 08:29:43  [Apache] 	Error: Apache shutdown unexpectedly.
上午 08:29:43  [Apache] 	This may be due to a blocked port, missing dependencies, 
上午 08:29:43  [Apache] 	improper privileges, a crash, or a shutdown by another method.
上午 08:29:43  [Apache] 	Press the Logs button to view error logs and check
上午 08:29:43  [Apache] 	the Windows Event Viewer for more clues
上午 08:29:43  [Apache] 	If you need more help, copy and post this
上午 08:29:43  [Apache] 	entire log window on the forums

error.log 內容

[Wed May 11 08:10:12.523502 2022] [ssl:warn] [pid 4664:tid 544] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 11 08:10:12.570378 2022] [ssl:warn] [pid 4664:tid 544] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 11 08:10:12.601298 2022] [mpm_winnt:notice] [pid 4664:tid 544] AH00455: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29 configured -- resuming normal operations
[Wed May 11 08:10:12.601298 2022] [mpm_winnt:notice] [pid 4664:tid 544] AH00456: Apache Lounge VC15 Server built: Mar 16 2022 15:48:38
[Wed May 11 08:10:12.601298 2022] [core:notice] [pid 4664:tid 544] AH00094: Command line: 'C:\\xampp\\apache\\bin\\httpd.exe -d C:/xampp/apache'
[Wed May 11 08:10:12.616949 2022] [mpm_winnt:notice] [pid 4664:tid 544] AH00418: Parent: Created child process 6316
[Wed May 11 08:10:13.116565 2022] [ssl:warn] [pid 6316:tid 520] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 11 08:10:13.147837 2022] [ssl:warn] [pid 6316:tid 520] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 11 08:10:13.179809 2022] [mpm_winnt:notice] [pid 6316:tid 520] AH00354: Child: Starting 150 worker threads.
[Wed May 11 08:12:13.436995 2022] [ssl:warn] [pid 6344:tid 552] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 11 08:12:13.467751 2022] [ssl:warn] [pid 6344:tid 552] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 11 08:12:13.499872 2022] [mpm_winnt:notice] [pid 6344:tid 552] AH00455: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29 configured -- resuming normal operations
[Wed May 11 08:12:13.499872 2022] [mpm_winnt:notice] [pid 6344:tid 552] AH00456: Apache Lounge VC15 Server built: Mar 16 2022 15:48:38
[Wed May 11 08:12:13.499872 2022] [core:notice] [pid 6344:tid 552] AH00094: Command line: 'c:\\xampp\\apache\\bin\\httpd.exe -d C:/xampp/apache'
[Wed May 11 08:12:13.499872 2022] [mpm_winnt:notice] [pid 6344:tid 552] AH00418: Parent: Created child process 5532
[Wed May 11 08:12:13.889794 2022] [ssl:warn] [pid 5532:tid 568] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 11 08:12:13.936684 2022] [ssl:warn] [pid 5532:tid 568] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 11 08:12:13.952882 2022] [mpm_winnt:notice] [pid 5532:tid 568] AH00354: Child: Starting 150 worker threads.


無法啟動,可能因為新加入的

LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so

雖然這一版 XAMPP 安裝啟動後就有 Apache Web Server (httpd) 可用,但似乎這版不支援 ModSecurity 可用 (或敝人方法不對,或需要其他安裝設定),先找別套。

(完)

相關

[研究]XAMPP 7.4.29.0 安裝
https://shaurong.blogspot.com/2022/05/xampp-74290.html

[研究]XAMPP 8.1.5 安裝
https://shaurong.blogspot.com/2022/05/xampp-815.html

[研究] XAMPP win32-7.3.1-0-VC15安裝(Windows 2019)
https://shaurong.blogspot.com/2019/02/xampp-win32-731-0-vc15windows-2019.html

[研究] XAMPP for Windows 7.1.7 + HTTPS (SSL) 安裝 (Windows 7)
http://shaurong.blogspot.com/2017/07/xampp-for-windows-717-https-ssl-windows.html

[研究] XAMPP for Windows 5.6.38 + HTTPS (SSL) 安裝 (Windows 2012 R2)
https://shaurong.blogspot.com/2017/01/xampp-for-windows-5638-https-ssl.html

[研究] LAMP(Linux, Apache 2.4.6, MariaDB 5.5.52, PHP 5.4.16)+OpenSSL 1.0.1e (yum)快速安裝程式(CentOS 7.3)
https://shaurong.blogspot.com/2017/01/lamplinux-apache-mariadb_5.html

[研究] AppServ 8.6.0 (Apache 2.4.25 + PHP 5.6.30/7.1.1 + MySQL 5.7.17 + phpMyAdmin 4.6.6 + SSL) 安裝 (Windows 2019)
https://shaurong.blogspot.com/2019/02/appserv-860-apache-2425-php-5630711.html

[研究] Apache Web Server 2.4.x 架站軟體比較 (AMP、WAMP、LAMP)
https://shaurong.blogspot.com/2018/07/apache-web-server-24x.html

[研究] XAMPP for Windows 7.1.7 + HTTPS (SSL) 安裝 (Windows 7)
https://shaurong.blogspot.com/2017/07/xampp-for-windows-717-https-ssl-windows.html

[研究] AppServ 8.6.0 (Apache 2.4.25 + PHP 5.6.30/7.1.1 + MySQL 5.7.17 + phpMyAdmin 4.6.6 + SSL) 安裝 (Windows 7)
http://shaurong.blogspot.tw/2017/07/appserv-860-apache-2425-php-5630711.html

[研究] AppServ 8.4.0 + HTTPS (SSL) 安裝 (Windows 2012 R2)
http://shaurong.blogspot.com/2016/08/appserv-840-https-ssl-windows-2012-r2.html


[研究] Apache HTTPd Web Server 2.4.23 + HTTPS (SSL) 安裝 (Windows 2012 R2)
http://shaurong.blogspot.com/2016/08/apache-httpd-web-server-2423-https-ssl.html

[研究] Apache HTTPd Web Server 2.4.6 + HTTPS (SSL) yum 安裝 (CentOS 7.2 x64)
http://shaurong.blogspot.com/2016/08/apache-httpd-web-server-246-https-ssl.html

網際網路資訊服務(英语:Internet Information Services,簡稱IIS)
https://zh.wikipedia.org/wiki/%E7%B6%B2%E9%9A%9B%E7%B6%B2%E8%B7%AF%E8%B3%87%E8%A8%8A%E6%9C%8D%E5%8B%99
有 Windows 版本和內建 IIS 版本關係

[研究] Windows 2012 R2 安裝 IIS 8.5 和 HTTP (SSL) 連線 (方法二)
http://shaurong.blogspot.com/2015/04/windows-2012-r2-iis-http-ssl.html

[研究] Windows 2012 R2 安裝 IIS 8.5 和 HTTP (SSL) 連線 (方法一)
http://shaurong.blogspot.com/2015/04/windows-2008-r2-iis-http-ssl.html

[研究] Windows 2012 安裝 IIS 8.0 和 HTTP (SSL) 連線
http://shaurong.blogspot.com/2015/04/windows-2012-iis-http-ssl.html

[研究] Windows 2008 R2 安裝 IIS 7.5 和 HTTP (SSL) 連線
http://shaurong.blogspot.com/2015/04/windows-2008-r2-iis-http-ssl.html

[研究] Windows 2003 R2 安裝 IIS 6.0 和 HTTPS (SSL) 連線
http://shaurong.blogspot.com/2015/04/windows-2003-r2-iis-https-ssl.html

[研究] Windows 10 Enterprise 1511 (x64)安裝架設IIS 10.0、建立SSL憑證、提供 HTTPS (SSL) 連線
http://shaurong.blogspot.com/2016/02/windows-10-enterprise-1511-x64iisssl.html

[研究] Windows 7 Ultimate x64安裝架設IIS 7.5、建立SSL憑證、提供 HTTPS (SSL) 連線
http://shaurong.blogspot.com/2016/02/windows-7-ultimate-x64iisssl-https-ssl.html

[研究] Windows XP Professional x86 安裝架設IIS 5.1、建立SSL憑證、提供 HTTPS (SSL) 連線
http://shaurong.blogspot.com/2016/02/windows-xp-professional-x86-iisssl.html

[研究] 在Windows XP Professional上IIS 5.1啟動SSL
http://shaurong.blogspot.com/2011/06/windows-xp-professionaliisssl.html

Internet Information Services (IIS) 10.0 Express 下載
https://www.microsoft.com/zh-TW/download/details.aspx?id=48264
支援 Windows 7/2008R2,8/2012,8.1/2012 R2,10/2016

Internet Information Services (IIS) 8.0 Express
https://www.microsoft.com/en-us/download/details.aspx?id=34679

Internet Information Services (IIS) 7 Manager
https://www.microsoft.com/en-us/download/details.aspx?id=2299

Internet Information Services (IIS) 6.0 Resource Kit
https://www.microsoft.com/en-us/download/details.aspx?id=5135
支援 Windows XP/2003

Internet Information Services (IIS) 6.0 Resource Kit Tools
https://www.microsoft.com/en-us/download/details.aspx?id=17275

Internet Information Services (IIS) 6.0 Manager for Windows XP
https://www.microsoft.com/en-us/download/details.aspx?id=15662

沒有留言:

張貼留言