How to Install Mod_Security with Apache on CentOS/RHEL

Written by
Security 2 Comments

Mod_Security is a Web Application Firewall that execute as a Module on your Web Server and provides protection against various attacks to our web applications. It monitors HTTP traffic and performs real time analysis. It’s a product developed by Breach Security and is available a free software under the GNU License. It is Available for Apache, Nginx and IIS.

Mod_Security can be deployed and integrated in our current Web Servers infrastructure, meaning that we do not have to modify our internal Network, we don’t add any point of failure, we can benefit from load balancing and scalability and we would not have any issues with compress or encrypted Data. Mod_Security is a valuable security tool and have proven to be effective. If we want to protect our web applications this is a tool the deserves your attention.

1. Enable EPEL Repository

Firstly add the EPEL rpm repository in your system using following command.

# rpm –ivh http://fedora.mirror.uber.com.au/epel/6/i386/epel-release-6-7.noarch.rpm

Step 2: Install Mod_Security and Predefined Rules

Let’s install mod_security Apache modules with predefined rules of mod_security.

# yum install mod_security mod_security_crs

Step 3: Activate the Module

Edit ModSecurity configuration file /etc/httpd/conf.d/mod_security.conf and look for the SecRuleEngine Directive on the File and configured with the Desired Value.

      On – Rules are activated
      Off – Rules are Deactivated
      DetectionOnly – Only Intercepts and logs Transactions

Since we want to Intercept and Block Attacks we configure it with On.

 SecRuleEngine on

Step 4: Restart Apache and Check

Now we restart the apache web services

# service httpd restart

To confirm that our web application firewall is working we should see something like this in our Apache error logs.


# tail /var/log/httpd/error_log
[Sat Mar15 16 09:20:58 2014] [notice] ModSecurity for Apache/2.7.3 (http://www.modsecurity.org/) configured.
[Sat Mar15 16 09:20:58 2014] [notice] ModSecurity: APR compiled version=”1.3.9″; loaded version=”1.3.9″
[Sat Mar15 16 09:20:58 2014] [notice] ModSecurity: PCRE compiled version=”7.8 “; loaded version=”7.8 2008-09-05″
[Sat Mar15 16 09:20:58 2014] [notice] ModSecurity: LUA compiled version=”Lua 5.1″
[Sat Mar15 16 09:20:58 2014] [notice] ModSecurity: LIBXML compiled version=”2.7.6″

Important files to Remember

      Mod Security Config File – /etc/httpd/conf.d/mod_security.conf
      Debug Log – /var/log/httpd/modsec_debug.log
      Audit log – /var/log/httpd/modsec_audit.log
      Rules – /etc/httpd/modsecurity.d/activated_rules

References:
https://www.modsecurity.org/
https://www.modsecurity.org/projects/modsecurity/apache/index.html

jason.soto

Related Posts

2 Comments

  1. Liew CheonFong Reply to Liew
    April 11, 2016 at 4:09 pm

    Thanks for the simple & straight forward tutorial!

  2. bystefu Reply to bystefu
    May 30, 2015 at 5:42 am

    Loaded plugins: fastestmirror, security
    Setting up Install Process
    Loading mirror speeds from cached hostfile
    epel/metalink | 20 kB 00:00
    * epel: fedora.mirrors.telekom.ro
    base | 3.7 kB 00:00
    dag | 1.9 kB 00:00
    epel | 4.4 kB 00:00
    epel/primary_db | 6.6 MB 00:01
    extras | 3.4 kB 00:00
    updates | 3.4 kB 00:00
    No package mod_security available.
    No package mod_security_crs available.
    Error: Nothing to do

    What can i do?

Leave a Reply

All rights reserved. © 2017 TecAdmin.net. This site uses cookies. By using this website you agree our term and services
Hosted @DigitalOcean