How to configure Mod Security with Apache 2.2

From Webuzo Wiki

Overview

This guide shows how to configure Mod Security with the Apache 2.2 provided by Webuzo. ModSecurity™ is a web application firewall engine that provides protection from XSS attacks as well as SQL injection attacks. You can read more about Mod Security on the Mod Security Official Website.

Pre Requisites

Make sure that git is installed on your server; otherwise you won't be able to download the configuration files used in the steps below. If you are not sure, you can install it with the following command:

Ubuntu

apt-get install git

CentOS

yum install git

Configuration Steps

  • First, download the rules required for the ModSecurity™ configuration with the following command:
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
  • Navigate into the downloaded directory. Rename crs-setup.conf.example to crs-setup.conf. Then move the rules/ directory as well as the crs-setup.conf file to the Apache configuration directory.
cd owasp-modsecurity-crs
mv crs-setup.conf.example crs-setup.conf
mv crs-setup.conf /usr/local/apps/apache/etc/conf.d/
mv rules/ /usr/local/apps/apache/etc/conf.d/
  • Create a file named security.conf in the Apache configuration directory, /usr/local/apps/apache/etc/conf.d/, and add the following content:
LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so

<IfModule security2_module>
        SecDataDir /var/cache/modsecurity
        Include /usr/local/apps/apache/etc/conf.d/rules/*.conf
</IfModule>
  • Create a configuration file named mod_security.conf for the module itself in the Apache configuration directory, /usr/local/apps/apache/etc/conf.d/, using the following command:
touch /usr/local/apps/apache/etc/conf.d/mod_security.conf

You can get the content for this file from the following link: mod_security.conf. Copy it into the newly created file.

  • After copying the content from the above link into the mod_security.conf file, change the following line in the file:
SecRuleEngine DetectionOnly

to

SecRuleEngine On

With SecRuleEngine On, Mod Security blocks requests that match the rules. In DetectionOnly mode it only logs potential malicious activity and lets the request through.

  • Now restart Apache to load all the configuration files using the following command:
service httpd restart
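
A check for the files created in the steps above, which can be run before restarting Apache (an added example, not part of the original Webuzo guide). The function names are hypothetical, and it assumes the last uncommented SecRuleEngine line in mod_security.conf is the one that takes effect.

```bash
#!/usr/bin/env bash
# Added example (not from the Webuzo guide): sanity-check the ModSecurity layout.
# CONF_DIR is the directory used on this page; function names are hypothetical.
CONF_DIR="${CONF_DIR:-/usr/local/apps/apache/etc/conf.d}"

# Print the value of the last uncommented SecRuleEngine directive in a file.
# Directive names are case-insensitive. Assumption: the last one in the file wins.
sec_rule_engine_mode() {
    awk 'tolower($1) == "secruleengine" { mode = $2 } END { print mode }' "$1"
}

# Return 0 only if the files from the steps exist and the engine is set to On.
modsec_check() {
    local dir="$1" problems=0 mode
    if [ ! -f "$dir/crs-setup.conf" ]; then
        echo "MISSING: $dir/crs-setup.conf (was crs-setup.conf.example renamed?)"
        problems=$((problems + 1))
    fi
    if ! ls "$dir"/rules/*.conf >/dev/null 2>&1; then
        echo "MISSING: no rule files in $dir/rules/"
        problems=$((problems + 1))
    fi
    if ! grep -Eiq '^[[:space:]]*Include[[:space:]].*rules/\*\.conf' \
            "$dir/security.conf" 2>/dev/null; then
        echo "MISSING: security.conf does not include rules/*.conf"
        problems=$((problems + 1))
    fi
    mode="$(sec_rule_engine_mode "$dir/mod_security.conf" 2>/dev/null || true)"
    case "$(printf '%s' "$mode" | tr '[:upper:]' '[:lower:]')" in
        on)
            echo "OK: SecRuleEngine On (matching requests are blocked)" ;;
        detectiononly)
            echo "WARN: SecRuleEngine DetectionOnly (matches are logged, not blocked)"
            problems=$((problems + 1)) ;;
        *)
            echo "WARN: SecRuleEngine is '${mode:-unset}' in mod_security.conf"
            problems=$((problems + 1)) ;;
    esac
    [ "$problems" -eq 0 ]
}

# Usage: modsec_check "$CONF_DIR" && service httpd restart
```

The check reads only mod_security.conf for the engine mode, so a SecRuleEngine line in another included file is not seen by it.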

Testing the Configuration

Once everything is configured properly, test the mod_security module by sending some malicious requests to the Apache web server and checking whether the requests are blocked.

Visit the following URL in the browser:

 http://your-domain/?q="><script>alert(1)</script>

If the configuration is correct, you should see a 403 Forbidden error on the web page:

[Screenshot: 403 Forbidden error page]

If you can see the above page, Mod Security has been correctly configured on your server.

Note: Before testing the configuration, make sure to create an index.php or index.html in the ROOT folder of your website.