This guide shows how you can configure Mod Security with Apache 2.2 provided by Webuzo. ModSecurity™ is a web application firewall engine that provides protection from XSS attacks as well as SQL injection attacks. You can read more about Mod Security at their official Website Mod Security Official Website
Make sure that you have git installed on your server otherwise you won’t be able to download the configuration files mentioned in the below steps. If you are not sure then you can install it via the below command:
apt-get install git
yum install git
- First the Download the rules required for ModSecurity™ configuration via following command:
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
- Navigate into the downloaded directory. Rename crs-setup.conf.example to crs-setup.conf. Then move the rules/ directory as well as the crs-setup.conf file to the Apache configuration directory.
cd owasp-modsecurity-crs mv crs-setup.conf /usr/local/apps/apache/etc/conf.d/ mv rules/ /usr/local/apps/apache/etc/conf.d/
- Create a file named security.conf in the Apache Configuration Directory: /usr/local/apps/apache/etc/conf.d/ and add the following content
LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
- Create a configuration file named mod_security.conf in the Apache Configuration Directory: /usr/local/apps/apache/etc/conf.d/ for the module itself using the following command:
You can get the content for this file from the following link: mod_security.conf, copy it to the newly created file
- After copying the content from the above link to mod_security.conf file, change the following line in the file
This will allow Mod Security to start detecting for potential malicious activity.
- Now restart Apache to load all the configuration files using the following command:
service httpd restart
Testing the Configuration
Once everything is configured properly, test mod_security module by sending some malicious requests to Apache web server and see if the requests are being blocked or not.
Visit the following URL in the browser:
If the configuration is correct then you should be able to see a 403 Forbidden Error on the Webpage:
If you can see the above page then it means Mod Security has been correctly configured on your server.
Note : Before testing the configuration make sure to create an index.php or index.html in the ROOT folder of your Website.