How to configure ModSecurity with Apache 2.2

Hi,

ModSecurity™ is a web application firewall engine that provides protection from XSS attacks as well as SQL injection attacks.

Before starting the configuration, make sure git is installed. If it is not installed on your server, install it with the following command:
For Ubuntu:

apt-get install git

For CentOS:

yum install git

Follow the steps below to configure ModSecurity:

  • First, download the rules required for the ModSecurity™ configuration with the following command:
    git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
  • Navigate into the downloaded directory. Rename crs-setup.conf.example to crs-setup.conf. Then move the rules/ directory as well as the crs-setup.conf file to the Apache configuration directory.
    cd owasp-modsecurity-crs
    # Rename the example setup file before moving it
    mv crs-setup.conf.example crs-setup.conf
    mv crs-setup.conf /usr/local/apps/apache/etc/conf.d/
    mv rules/ /usr/local/apps/apache/etc/conf.d/
  • Create a file named security.conf in the Apache configuration directory, /usr/local/apps/apache/etc/conf.d/, and add the following content:
    LoadModule security2_module modules/mod_security2.so
    LoadModule unique_id_module modules/mod_unique_id.so
    
    <IfModule security2_module>
            SecDataDir /var/cache/modsecurity
            Include /usr/local/apps/apache/etc/conf.d/rules/*.conf
    </IfModule>
  • Finally, create a configuration file named mod_security.conf in the Apache configuration directory, /usr/local/apps/apache/etc/conf.d/, for the module itself and add the following content to the file:
    Content for mod_security.conf
  • Now restart Apache to load all the configuration files using the following command:
    service httpd restart

Testing the configuration:

Once everything is configured properly, test the mod_security module by sending a malicious request to the Apache web server and checking whether the request is blocked.

Visit the following URL in the browser:

 http://your-domain/?q="><script>alert(1)</script>

You should see a 403 Forbidden response displayed by the browser.



403 Forbidden

Forbidden

You don't have permission to access / on this server.


Apache Server at {YOUR_IP} Port 80

Note: Please make sure you have index.php or index.html in the root directory of your domain
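
A 403 on the test URL only proves that ModSecurity is blocking if a normal request to the same site succeeds, which is why the index page matters. The script below is an added example, not part of the original article: it sends a plain request and the test request from above with curl and compares the two status codes. The function names and verdict words are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that the 403 comes from ModSecurity and not from
# a missing index page or another access restriction.
# Usage: sh waf-check.sh http://your-domain/

# http_status URL [QUERY] -> prints the HTTP status code ("000" if unreachable)
http_status() {
    url=$1
    query=${2:-}
    if [ -n "$query" ]; then
        # --get with --data-urlencode appends the URL-encoded query string
        curl -s -o /dev/null --max-time 10 -w '%{http_code}' \
             --get --data-urlencode "$query" "$url" || true
    else
        curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$url" || true
    fi
}

# waf_verdict BASELINE_STATUS TEST_STATUS -> prints one verdict word
waf_verdict() {
    baseline=$1
    attack=$2
    case "$baseline:$attack" in
        000:*|*:000) echo "unreachable" ;;   # server did not answer
        2??:403)     echo "blocked" ;;       # normal request OK, test request denied
        403:403)     echo "inconclusive" ;;  # even the normal request is forbidden
        2??:2??)     echo "not-blocked" ;;   # rules are not loaded or not enforcing
        *)           echo "unexpected" ;;    # e.g. 500 from a broken configuration
    esac
}

# Run the check only when a URL is given on the command line.
if [ -n "${1:-}" ]; then
    base=$(http_status "$1")
    attack=$(http_status "$1" 'q="><script>alert(1)</script>')
    echo "baseline=$base test=$attack verdict=$(waf_verdict "$base" "$attack")"
fi
```

A verdict of "inconclusive" means the site returns 403 for every request, so fix the index page first and run the check again.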