Overview
This guide shows how to configure Mod Security with the Apache 2.2 provided by Webuzo. ModSecurity™ is a web application firewall engine that provides protection from XSS attacks as well as SQL injection attacks. You can read more about Mod Security on its official website.
Pre Requisites
Make sure that you have git installed on your server; otherwise you won't be able to download the configuration files used in the steps below. If you are not sure, you can install it with the following command:
Ubuntu
apt-get install git
CentOS
yum install git
Configuration Steps
- First, download the rules required for ModSecurity™ configuration using the following command:
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
- Navigate into the downloaded directory. Rename crs-setup.conf.example to crs-setup.conf. Then move the rules/ directory as well as the crs-setup.conf file to the Apache configuration directory:
cd owasp-modsecurity-crs
mv crs-setup.conf.example crs-setup.conf
mv crs-setup.conf /usr/local/apps/apache/etc/conf.d/
mv rules/ /usr/local/apps/apache/etc/conf.d/
- Create a file named security.conf in the Apache configuration directory /usr/local/apps/apache/etc/conf.d/ and add the following content:
LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
<IfModule security2_module>
SecDataDir /var/cache/modsecurity
Include /usr/local/apps/apache/etc/conf.d/rules/*.conf
</IfModule>
- Create a configuration file named mod_security.conf in the Apache Configuration Directory: /usr/local/apps/apache/etc/conf.d/ for the module itself using the following command:
touch /usr/local/apps/apache/etc/conf.d/mod_security.conf
You can get the content for this file from the following link: mod_security.conf. Copy it into the newly created file.
- After copying the content from the above link into the mod_security.conf file, change the following line in the file:
SecRuleEngine DetectionOnly
to
SecRuleEngine On
This switches Mod Security from only logging potentially malicious requests (DetectionOnly) to actively blocking them (On).
- Now restart Apache to load all the configuration files using the following command:
service httpd restart
Testing the Configuration
Once everything is configured properly, test the mod_security module by sending some malicious requests to the Apache web server and checking whether the requests are blocked.
Visit the following URL in the browser:
http://your-domain/?q="><script>alert(1)</script>
If the configuration is correct, you should see a 403 Forbidden error in the browser.
If you see the 403 Forbidden page, Mod Security has been correctly configured on your server.
Note: Before testing the configuration, make sure to create an index.php or index.html in the ROOT folder of your website.
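To confirm on the server side what the test request triggered, and whether SecRuleEngine is really blocking rather than only logging, the ModSecurity entries in the Apache error log can be grouped per request. This is an added example, not part of the original guide: it assumes ModSecurity 2.x messages in the Apache 2.2 error-log format and the CRS default anomaly-scoring mode, and the sample lines, client addresses and unique_id values are constructed.

```python
import re

# Constructed sample: Apache 2.2 error-log lines in the shape ModSecurity 2.x writes
# (trimmed; client IPs, hostname and unique_id values are made up for illustration).
SAMPLE_LOG = """\
[Tue Mar 06 10:15:02 2018] [error] [client 203.0.113.7] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.test"] [uri "/"] [unique_id "AAAAreq1"]
[Tue Mar 06 10:15:02 2018] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [hostname "example.test"] [uri "/"] [unique_id "AAAAreq1"]
[Tue Mar 06 10:20:41 2018] [error] [client 203.0.113.7] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.test"] [uri "/"] [unique_id "AAAAreq2"]
[Tue Mar 06 10:21:00 2018] [error] [client 203.0.113.9] File does not exist: /home/user/public_html/favicon.ico
"""

# "Warning" = rule matched and was logged; "Access denied with code NNN" = request blocked.
EVENT = re.compile(r'ModSecurity: (Warning|Access denied with code (\d{3}))')
# Metadata fields look like [id "941100"] or [uri "/"]; [client ...] has no quotes and is skipped.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def summarize(log_text):
    """Group ModSecurity events by unique_id (set by mod_unique_id) into per-request records."""
    requests = {}
    for line in log_text.splitlines():
        event = EVENT.search(line)
        if not event:
            continue  # ordinary Apache error, not a ModSecurity event
        fields = dict(FIELD.findall(line))
        req = requests.setdefault(
            fields.get("unique_id", "?"),
            {"uri": fields.get("uri"), "rule_ids": [], "blocked": False, "status": None},
        )
        req["rule_ids"].append(fields.get("id", "?"))
        if event.group(2):  # the engine intervened, so SecRuleEngine was On for this request
            req["blocked"] = True
            req["status"] = int(event.group(2))
    return requests

def detection_only_hits(requests):
    """unique_ids of requests that matched rules but were let through (DetectionOnly behaviour)."""
    return [uid for uid, r in requests.items() if not r["blocked"]]

if __name__ == "__main__":
    for uid, r in summarize(SAMPLE_LOG).items():
        verdict = "BLOCKED %s" % r["status"] if r["blocked"] else "logged only"
        print(uid, r["uri"], ",".join(r["rule_ids"]), verdict)
```

A request that shows up only with Warning lines after the change to SecRuleEngine On usually means the old DetectionOnly setting is still the one in effect, for example because Apache was not restarted.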