How to Make Use of ModSecurity in Apache
ModSecurity in Apache
ModSecurity is a free Apache module used to protect your web server from various attacks such as SQL injection, cross-site scripting, session hijacking, brute force and many other exploits. It also allows you to monitor traffic in real time.
Installation
You can install ModSecurity using the following command:
linuxhelp ~ # apt-get install libapache2-modsecurity -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libapache2-mod-security2
Recommended packages:
modsecurity-crs
The following NEW packages will be installed:
libapache2-mod-security2 libapache2-modsecurity
0 upgraded, 2 newly installed, 0 to remove and 402 not upgraded.
Need to get 316 kB of archives.
After this operation, 1,263 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu xenial/universe amd64 libapache2-mod-security2 amd64 2.9.0-1 [314 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial/universe amd64 libapache2-modsecurity all 2.9.0-1 [2,006 B]
Fetched 316 kB in 1s (215 kB/s)
Selecting previously unselected package libapache2-mod-security2.
(Reading database ... 220633 files and directories currently installed.)
Preparing to unpack .../libapache2-mod-security2_2.9.0-1_amd64.deb ...
Unpacking libapache2-mod-security2 (2.9.0-1) ...
Selecting previously unselected package libapache2-modsecurity.
Preparing to unpack .../libapache2-modsecurity_2.9.0-1_all.deb ...
Unpacking libapache2-modsecurity (2.9.0-1) ...
Setting up libapache2-mod-security2 (2.9.0-1) ...
apache2_invoke: Enable module security2
Setting up libapache2-modsecurity (2.9.0-1) ...
To check whether the mod_security module is running, use the following command. You should see a module named security2_module (shared), which indicates that the module was loaded.
linuxhelp ~ # apachectl -M | grep --color security
AH00557: apache2: apr_sockaddr_info_get() failed for linuxhelp
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
security2_module (shared)
To enable the mod_security rules, you need to rename and edit the ModSecurity recommended configuration file and set the SecRuleEngine option to On. To do this, run the following commands:
linuxhelp ~ # mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
linuxhelp ~ # vim /etc/modsecurity/modsecurity.conf
Add/edit the following line:
SecRuleEngine On
Now restart Apache for the changes to take effect.
linuxhelp ~ # systemctl restart apache2
ModSecurity comes with a large set of security rules (called the Core Rule Set), located in the “/usr/share/modsecurity-crs” directory. You now need to enable these rules so that they work with Apache.
linuxhelp ~ # vim /etc/apache2/mods-enabled/security2.conf
Add/edit the following lines:
IncludeOptional "/usr/share/modsecurity-crs/*.conf"
IncludeOptional "/usr/share/modsecurity-crs/base_rules/*.conf"
Save the file and restart the Apache service.
linuxhelp ~ # systemctl restart apache2
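One way to confirm that the two edits above took effect, as an added example that is not part of the original tutorial: the script reads the effective SecRuleEngine value and checks every IncludeOptional line for unbalanced quotes and for wildcards that match no files, which IncludeOptional skips without reporting an error. The function names are made up for this sketch, the default paths are the ones used on this page, and the demo files at the end are constructed.

```shell
#!/bin/sh
# Added example; function names are made up for this sketch.
# Effective SecRuleEngine value (lowercased): last uncommented line wins.
effective_engine() {
    awk 'tolower($1) == "secruleengine" { v = tolower($2) }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# IncludeOptional lines with an odd number of double quotes (a typo).
unbalanced_includes() {
    awk 'tolower($1) == "includeoptional" && gsub(/"/, "&") % 2 {
             print FNR ": " $0 }' "$1"
}

# Number of files a wildcard matches. IncludeOptional silently skips a
# pattern that matches nothing, so 0 means no rules load from it.
count_glob() (
    set -- $1    # unquoted on purpose: let the shell expand the wildcard
    if [ -e "$1" ]; then echo "$#"; else echo 0; fi
)

# Runs in a subshell so variables stay local; exit status 0 = all checks pass.
audit_modsecurity() (
    main_conf=${1:-/etc/modsecurity/modsecurity.conf}
    mod_conf=${2:-/etc/apache2/mods-enabled/security2.conf}
    rc=0
    case $(effective_engine "$main_conf") in
        (on) echo "OK   SecRuleEngine On" ;;
        (detectiononly) echo "WARN SecRuleEngine DetectionOnly (logs, never blocks)"; rc=1 ;;
        (*) echo "FAIL SecRuleEngine is not On"; rc=1 ;;
    esac
    bad=$(unbalanced_includes "$mod_conf")
    if [ -n "$bad" ]; then echo "FAIL unbalanced quotes, line $bad"; rc=1; fi
    empty=$(awk 'tolower($1) == "includeoptional" { gsub(/"/, "", $2); print $2 }' \
                "$mod_conf" | while IFS= read -r pat; do
        if [ "$(count_glob "$pat")" -eq 0 ]; then echo "$pat"; fi
    done)
    if [ -n "$empty" ]; then echo "FAIL no files match: $empty"; rc=1; fi
    exit "$rc"
)

# Constructed demo tree: DetectionOnly, a missing quote, an empty rules dir.
demo=$(mktemp -d)
mkdir -p "$demo/crs/base_rules" && : > "$demo/crs/example.conf"
printf 'SecRuleEngine DetectionOnly\n' > "$demo/modsecurity.conf"
printf 'IncludeOptional "%s/crs/*.conf"\nIncludeOptional "%s/crs/base_rules/*.conf\n' \
    "$demo" "$demo" > "$demo/security2.conf"
audit_modsecurity "$demo/modsecurity.conf" "$demo/security2.conf" || true
rm -rf "$demo"
```

Called with no arguments, audit_modsecurity checks the two files edited in this tutorial; paths containing spaces are not handled.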
With this, the method to make use of ModSecurity in Apache comes to an end.
HTTP protection - detecting violations of the HTTP protocol and a locally defined usage policy. Common web attacks protection - detecting common web application security attacks. Automation detection - detecting bots, crawlers, scanners, and other surface malicious activity.