Web application security is of paramount importance to ensure the safety of users’ data and prevent unauthorized access. ModSecurity is a widely used open-source web application firewall that can be used to secure web applications hosted on an Apache web server. In addition to its default set of rules, ModSecurity can be enhanced by installing additional rules to provide protection against specific threats.


In this tutorial, we will walk you through the process of installing ModSecurity rules for Apache on CentOS and RHEL to improve the security of your web applications.

Step 1: Install ModSecurity

The first step in installing ModSecurity rules is to ensure that ModSecurity is installed on your system. To install ModSecurity on CentOS and RHEL, use the following command:

sudo yum install mod_security 

Step 2: Install OWASP ModSecurity Core Rule Set

OWASP ModSecurity Core Rule Set (CRS) is a set of rules that are designed to protect web applications from a wide range of attacks. To install CRS on CentOS and RHEL, follow these steps:

Download the latest version of CRS from the official OWASP GitHub repository:

sudo yum install git 
sudo git clone https://github.com/coreruleset/coreruleset.git /etc/httpd/modsecurity-crs 

Copy the example setup file to create the active CRS configuration, then copy the rule files into the directory that the Apache ModSecurity package reserves for activated rules:

cd /etc/httpd/modsecurity-crs 
sudo cp crs-setup.conf.example crs-setup.conf 
sudo cp rules/*.conf /etc/httpd/modsecurity.d/activated_rules/ 

Edit the configuration file and enable the rules:

sudo nano crs-setup.conf 

Uncomment the following line to enable the CRS rules:

# Include OWASP ModSecurity CRS rules
Include /etc/httpd/modsecurity.d/activated_rules/*.conf

Step 3: Configure Apache to use ModSecurity

After installing ModSecurity and CRS, you need to configure Apache to use ModSecurity. To do this, you need to edit the Apache configuration file:

sudo nano /etc/httpd/conf.modules.d/10-mod_security.conf 

Uncomment the following line to load the ModSecurity module:

LoadModule security2_module modules/mod_security2.so

Add the following lines to enable the ModSecurity engine, set its data and log locations, and include the CRS setup file created in Step 2 before the activated rule files (the setup file must be loaded first, because the rule files depend on the settings it defines):

  # Turn the rule engine on and let it inspect request bodies
  SecRuleEngine On
  SecRequestBodyAccess On
  # Persistent storage directory; it must exist and be writable by the httpd user
  SecDataDir /var/log/httpd/modsec_data
  # Audit log; RelevantOnly records transactions that produced a warning or an error status
  SecAuditLog /var/log/httpd/modsec_audit.log
  SecAuditEngine RelevantOnly
  # Debug log; level 0 disables it, raise it only while troubleshooting
  SecDebugLog /var/log/httpd/modsec_debug.log
  SecDebugLogLevel 0
  # CRS setup file copied in Step 2, followed by the rule files copied there
  Include "/etc/httpd/modsecurity-crs/crs-setup.conf"
  Include "/etc/httpd/modsecurity.d/activated_rules/*.conf"


Restart Apache to apply the changes:

sudo systemctl restart httpd 

Step 4: Verify ModSecurity is Working

To verify that ModSecurity is working, you can use the following command to simulate an attack on your web server:

curl -d "id=1 AND 1=1" http://yourserver.com/index.php 

If ModSecurity is working properly, you should receive a 403 Forbidden response.
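The status code alone does not tell you which rule blocked the request, and a 403 can also come from an unrelated Apache restriction. The following POSIX shell script is an added example (not part of the original tutorial) that, when MODSEC_TEST_URL points at a server you administer, sends the same test request and reports the verdict, and that summarises the serial-format audit log configured above (SecAuditLog with SecAuditEngine RelevantOnly) to print, per logged transaction, the client address, the request line and the CRS rule ids that fired. The audit-log excerpt embedded in the script is constructed for offline demonstration; it uses the CRS 3.x rule ids 942100 (libinjection SQLi), 941100 (libinjection XSS) and 949110 (inbound anomaly score blocking), but the parser works with any rule ids. The name MODSEC_TEST_URL and the AUDIT_LOG override are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify a ModSecurity/CRS deployment beyond the bare status code.
# Assumes the directives from Step 3 (serial audit log at /var/log/httpd/modsec_audit.log).
# Not part of the tutorial; MODSEC_TEST_URL and AUDIT_LOG are names chosen here.

AUDIT_LOG="${AUDIT_LOG:-/var/log/httpd/modsec_audit.log}"

# is_blocked STATUS -> prints "blocked" for a 403, "not-blocked" otherwise.
is_blocked() {
  case "$1" in
    403) echo blocked ;;
    *)   echo not-blocked ;;
  esac
}

# verify_live URL -> sends the tutorial's test payload to your own server and reports the verdict.
verify_live() {
  status=$(curl -s -o /dev/null -w '%{http_code}' -d "id=1 AND 1=1" "$1")
  echo "HTTP $status -> $(is_blocked "$status")"
}

# summarize_audit: reads a serial-format audit log on stdin and prints one line per
# transaction: <client ip> <method> <path> rules=<comma-separated rule ids>.
# Section A carries the client address, section B the request line, section H the
# "Message:" lines in which each matched rule is tagged with [id "NNN"].
summarize_audit() {
  awk '
    function emit() { print ip, req, "rules=" rules }
    /^--[A-Za-z0-9]+-A--$/ { if (seen) emit(); seen=1; sect="A"; ip=""; req=""; rules=""; next }
    /^--[A-Za-z0-9]+-[B-Z]--$/ { sect=substr($0, length($0)-2, 1); next }
    sect=="A" && ip=="" { ip=$4 }
    sect=="B" && req=="" { req=$1 " " $2 }
    sect=="H" && /^Message: / && match($0, /\[id "[0-9]+"\]/) {
      id=substr($0, RSTART+5, RLENGTH-7)
      rules=(rules=="" ? id : rules "," id)
    }
    END { if (seen) emit() }
  '
}

# Constructed audit-log excerpt with two blocked transactions (addresses are documentation
# ranges, unique ids and most message text are placeholders).
SAMPLE_AUDIT=$(cat <<'EOF'
--5c7a1f2e-A--
[10/Feb/2023:12:00:00 +0000] Y-ConstructedUniqueId00000 203.0.113.5 54321 198.51.100.10 80
--5c7a1f2e-B--
POST /index.php HTTP/1.1
Host: yourserver.com
Content-Type: application/x-www-form-urlencoded
--5c7a1f2e-C--
id=1 AND 1=1
--5c7a1f2e-F--
HTTP/1.1 403 Forbidden
--5c7a1f2e-H--
Message: Warning. detected SQLi using libinjection ... [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] ...
Message: Access denied with code 403 (phase 2). ... [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] ...
--5c7a1f2e-Z--
--7b2e9c41-A--
[10/Feb/2023:12:00:05 +0000] Y-ConstructedUniqueId00001 203.0.113.7 40222 198.51.100.10 80
--7b2e9c41-B--
GET /index.php HTTP/1.1
Host: yourserver.com
--7b2e9c41-F--
HTTP/1.1 403 Forbidden
--7b2e9c41-H--
Message: Warning. detected XSS using libinjection ... [id "941100"] [msg "XSS Attack Detected via libinjection"] ...
Message: Access denied with code 403 (phase 2). ... [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] ...
--7b2e9c41-Z--
EOF
)

echo "Sample audit summary:"
printf '%s\n' "$SAMPLE_AUDIT" | summarize_audit

# Live check only when explicitly requested against a server you administer.
if [ -n "${MODSEC_TEST_URL:-}" ]; then
  verify_live "$MODSEC_TEST_URL"
  if [ -r "$AUDIT_LOG" ]; then
    summarize_audit < "$AUDIT_LOG"
  fi
fi
```

Run it as `MODSEC_TEST_URL=http://yourserver.com/index.php sh verify_modsec.sh` on the server (the audit log is normally readable only by root). A healthy deployment prints `HTTP 403 -> blocked` and a summary line for the test request whose rule list ends in 949110, the CRS rule that turns the accumulated anomaly score into the block; if the 403 appears without any audit entry, something other than ModSecurity refused the request.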

Congratulations, you have successfully installed and configured ModSecurity rules for Apache on CentOS and RHEL. Your web applications are now protected against a wide range of attacks.

Conclusion

Web application security is an ever-evolving field, and it is crucial to stay up-to-date with the latest security measures to ensure the safety of users’ data. Installing ModSecurity rules is one way to enhance the security of web applications hosted on an Apache web server. In this tutorial, we have provided a step-by-step guide on how to install and configure ModSecurity rules on CentOS and RHEL. By following these steps, you can protect your web applications against a wide range of attacks and improve the security of your server.


3 Comments

  1. Loaded plugins: fastestmirror, security
    Setting up Install Process
    Loading mirror speeds from cached hostfile
    epel/metalink | 20 kB 00:00
    * epel: fedora.mirrors.telekom.ro
    base | 3.7 kB 00:00
    dag | 1.9 kB 00:00
    epel | 4.4 kB 00:00
    epel/primary_db | 6.6 MB 00:01
    extras | 3.4 kB 00:00
    updates | 3.4 kB 00:00
    No package mod_security available.
    No package mod_security_crs available.
    Error: Nothing to do

    What can I do?
