Linux PHP and Website Security

How to Secure Your Apache 2.x Web Server With ModSecurity in Unix/Linux

ModSecurity is an open source web application firewall (WAF). Working embedded in the web server or standalone as a network appliance, it helps detect and prevent attacks against web applications.

  • Cross-Site Scripting (XSS)
  • Backdoors Detection
  • Trojans
  • ASP/PHP Injection
  • SQL & Command Injection, etc.

In this guide we will install the mod_security module on a web server running Ubuntu/Debian. On Debian, you have to log in as root. ModSecurity works only with Apache 2 and higher.

Installation
1. To install ModSecurity on Ubuntu, open the terminal (Ctrl+Alt+T) and run this command:

sudo apt-get install libapache2-modsecurity

2. Now create a directory for ModSecurity in the Apache2 folder:

sudo mkdir /etc/apache2/modsecurity

3. Now create the configuration file for ModSecurity, which will be loaded by Apache, using this command:

sudo gedit /etc/apache2/conf.d/modsecurity.conf

Add the following code, save and exit.

## /etc/apache2/conf.d/modsecurity.conf
Include modsecurity/*.conf

4. Copy the ModSecurity rules using these two commands:

cd /etc/apache2/modsecurity
sudo cp -R /usr/share/modsecurity-crs/base_rules/* .

5. Open the modsecurity_crs_20_protocol_violations.conf file and correct one line in it.

sudo gedit /etc/apache2/modsecurity/modsecurity_crs_20_protocol_violations.conf

We need to replace this line:

SecRule REQBODY_ERROR "!@eq 0" 
with this one:
SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" 

Save and exit.
6. Now restart the Apache web server.

sudo /etc/init.d/apache2 restart

7. Verify that the ModSecurity module is loaded in Apache:

cat /var/log/apache2/error.log | grep modsecurity

The output should look like this:
ModSecurity for Apache/2.6.0 (URL) configured.
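
Steps 5 and 7 can also be done without a graphical editor, which helps on a server that has no desktop. The script below is an added example and not part of the original guide; the file paths are the ones used above, while the function names and the apply/demo arguments are assumptions.

```shell
#!/bin/sh
# Added example: steps 5 and 7 of the guide without a graphical editor.
# Paths are the guide's; function names and the apply/demo arguments are assumed.
RULES=/etc/apache2/modsecurity/modsecurity_crs_20_protocol_violations.conf
LOG=/var/log/apache2/error.log
OLD=REQBODY_ERROR
NEW=REQBODY_PROCESSOR_ERROR
PFX='[[:space:]]*SecRule[[:space:]][[:space:]]*'   # start of a SecRule line

# Step 5: rename the variable, keeping a .bak copy of the original file.
# Idempotent: an already corrected file is not rewritten.
# Returns 0 only if the file ends up containing the corrected rule.
fix_reqbody_rule() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    if grep -q "^${PFX}${OLD}[[:space:]]" "$file"; then
        cp -p "$file" "$file.bak" || return 1
        sed "s/^\(${PFX}\)${OLD}\([[:space:]]\)/\1${NEW}\2/" "$file.bak" > "$file" || return 1
    fi
    grep -q "^${PFX}${NEW}[[:space:]]" "$file"
}

# Step 7: print the most recent start-up banner; non-zero status if there is none.
modsec_banner() {
    grep 'ModSecurity for Apache/.* configured' "$1" 2>/dev/null | tail -n 1 | grep .
}

# Offline run on constructed files (not real CRS content or real Apache output).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'SecRule REQBODY_ERROR "!@eq 0"' > "$d/rules.conf"
    printf '%s\n' '[notice] ModSecurity for Apache/2.6.0 (URL) configured.' > "$d/error.log"
    rc=0
    { fix_reqbody_rule "$d/rules.conf" && cat "$d/rules.conf" &&
      modsec_banner "$d/error.log"; } || rc=1
    rm -rf "$d"
    return $rc
}

case "${1:-}" in
    apply) fix_reqbody_rule "$RULES" && /etc/init.d/apache2 restart && modsec_banner "$LOG" ;;
    demo)  demo ;;
esac
```

Run it as root with the argument apply on the server, or with demo to try it on throwaway files first.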
Visit Official Link: ModSecurity
