Web application security is essential for protecting users’ data and preventing unauthorized access. ModSecurity is a widely used open-source web application firewall that can secure web applications hosted on an Apache web server. In addition to its default set of rules, ModSecurity can be enhanced by installing additional rules that protect against specific threats.
In this tutorial, we will walk you through the process of installing ModSecurity rules for Apache on CentOS and RHEL to improve the security of your web applications.
Step 1: Install ModSecurity
The first step in installing ModSecurity rules is to ensure that ModSecurity is installed on your system. To install ModSecurity on CentOS and RHEL, use the following command:
sudo yum install mod_security
Step 2: Install OWASP ModSecurity Core Rule Set
OWASP ModSecurity Core Rule Set (CRS) is a set of rules that are designed to protect web applications from a wide range of attacks. To install CRS on CentOS and RHEL, follow these steps:
Download the latest version of CRS from the official OWASP GitHub repository:
sudo yum install git
sudo git clone https://github.com/coreruleset/coreruleset.git /etc/httpd/modsecurity-crs
Copy the example configuration file and create a new configuration file:
cd /etc/httpd/modsecurity-crs
sudo cp crs-setup.conf.example crs-setup.conf
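# The rules load their *.data lookup files from the same directory, so copy those as well
sudo cp rules/*.conf rules/*.data /etc/httpd/modsecurity.d/activated_rules/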
Edit the configuration file and enable the rules:
sudo nano crs-setup.conf
Uncomment the following line to enable the CRS rules:
# Include OWASP ModSecurity CRS rules
Include /etc/httpd/modsecurity.d/activated_rules/*.conf
Step 3: Configure Apache to use ModSecurity
After installing ModSecurity and CRS, you need to configure Apache to use ModSecurity. To do this, you need to edit the Apache configuration file:
sudo nano /etc/httpd/conf.modules.d/10-mod_security.conf
Uncomment the following line to load the ModSecurity module:
LoadModule security2_module modules/mod_security2.so
Add the following lines to enable ModSecurity and set the location of the CRS configuration file:
SecRuleEngine On
SecRequestBodyAccess On
SecDataDir /var/log/httpd/modsec_data
SecAuditLog /var/log/httpd/modsec_audit.log
SecAuditEngine RelevantOnly
SecDebugLog /var/log/httpd/modsec_debug.log
SecDebugLogLevel 0
# crs-setup.conf was created in Step 2 and must load before the rule files
Include "/etc/httpd/modsecurity-crs/crs-setup.conf"
Include "/etc/httpd/modsecurity.d/activated_rules/*.conf"
Restart Apache to apply the changes:
sudo systemctl restart httpd
Step 4: Verify ModSecurity is Working
To verify that ModSecurity is working, you can use the following command to simulate an attack on your web server:
curl -d "id=1 AND 1=1" http://yourserver.com/index.php
If ModSecurity is working properly, you should see a 403 Forbidden error.
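A 403 alone does not show which rule blocked the request; the audit log configured in Step 3 does. The following is an added example, not part of the original tutorial: it summarises each audit log transaction as response status, request line and matching rule IDs. It assumes the ModSecurity 2.x serial audit log format, and the function names, the sample entry and its rule IDs are constructed for illustration.

```shell
# Added example: summarise a ModSecurity 2.x serial audit log.
# Output per transaction: "<status> <method> <uri> <rule ids>".
audit_summary() {
    # $1: audit log path, e.g. /var/log/httpd/modsec_audit.log (stdin if omitted)
    awk '
    /^--[0-9a-fA-F]+-[A-Z]--$/ {          # section boundary such as --a1b2c3d4-B--
        part = substr($0, length($0) - 2, 1)
        first = 1
        if (part == "Z") {                # Z closes the transaction: emit and reset
            if (status == "") status = "-"
            if (ids == "") ids = "-"
            print status, method, uri, ids
            status = method = uri = ids = ""
        }
        next
    }
    part == "B" && first { method = $1; uri = $2; first = 0; next }  # request line
    part == "F" && first { status = $2; first = 0; next }            # response status
    part == "H" && /^Message:/ {          # collect every [id "NNN"] tag
        line = $0
        while (match(line, /\[id "[0-9]+"\]/)) {
            id = substr(line, RSTART + 5, RLENGTH - 7)
            ids = (ids == "" ? id : ids "," id)
            line = substr(line, RSTART + RLENGTH)
        }
    }' "${1:--}"
}

# Constructed sample entry (not real traffic); the rule IDs are illustrative and
# which rules fire on a real server depends on the CRS version and settings.
sample_audit_log() {
cat <<'EOF'
--a1b2c3d4-A--
[01/Jan/2024:12:00:00 +0000] ConstructedUniqueId000001 203.0.113.5 51234 192.0.2.10 80
--a1b2c3d4-B--
POST /index.php HTTP/1.1
Host: yourserver.com
--a1b2c3d4-C--
id=1 AND 1=1
--a1b2c3d4-F--
HTTP/1.1 403 Forbidden
--a1b2c3d4-H--
Message: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"]
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded"]
--a1b2c3d4-Z--
EOF
}
sample_audit_log | audit_summary   # prints: 403 POST /index.php 942100,949110
```

On the server, run audit_summary /var/log/httpd/modsec_audit.log with sudo after sending the test request and look for a line with status 403 for /index.php.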
Congratulations, you have successfully installed and configured ModSecurity rules for Apache on CentOS and RHEL. Your web applications are now protected against a wide range of attacks.
Conclusion
Web application security is an ever-evolving field, and it is crucial to stay up-to-date with the latest security measures to ensure the safety of users’ data. Installing ModSecurity rules is one way to enhance the security of web applications hosted on an Apache web server. In this tutorial, we have provided a step-by-step guide on how to install and configure ModSecurity rules on CentOS and RHEL. By following these steps, you can protect your web applications against a wide range of attacks and improve the security of your server.
3 Comments
Why does the EPEL rpm have to be added? What happens if the first step is skipped?
Thanks for the simple & straightforward tutorial!
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
epel/metalink | 20 kB 00:00
* epel: fedora.mirrors.telekom.ro
base | 3.7 kB 00:00
dag | 1.9 kB 00:00
epel | 4.4 kB 00:00
epel/primary_db | 6.6 MB 00:01
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
No package mod_security available.
No package mod_security_crs available.
Error: Nothing to do
What can I do?