ModSecurity is an open source web application firewall. Working embedded in the web server, or standalone as a network appliance,This WAF can help you to detects and prevents attacks against web applications.
- Cross-Site Scripting (XSS)
- Backdoors Detection
- Trojans
- ASP/PHP Injection
- SQL & Command Injection, etc.
In this guide we will help you install the mod_security module on a web server running Ubuntu/Debian. For Debian, you have to login as root. ModSecurity works only with Apache 2 and higher.
Installation
1. To install ModSecurity on Ubuntu, open the terminal (Ctrl+Alt+T) and run this command:
sudo apt-get install libapache2-modsecurity
2. Create now directory for ModSecurity in the Apache2 folder:
sudo mkdir /etc/apache2/modsecurity
3. Create now the configuration file for ModSecurity, which will be loaded by Apache, using this command:
sudo gedit /etc/apache2/conf.d/modsecurity.conf
Add the following code, save and exit.
## /etc/init.d/apache2/conf.d/modsecurity.conf Include modsecurity/*.conf
4. ModSecurity rules using these two commands:
cd /etc/apache2/modsecurity sudo cp -R /usr/share/modsecurity-crs/base_rules/* .
5. Modified and correct the line in the modsecurity_crs_20_protocol_violations.conf file.
sudo gedit /etc/apache2/modsecurity/ modsecurity_crs_20_protocol_violations.conf
We need to replace this line:
SecRule REQBODY_ERROR "!@eq 0" with this one: SecRule REQBODY_PROCESSOR_ERROR "!@eq 0"
Save and exit.
6. Restart now the Apche web server.
sudo /etc/init.d/apache2 restart
7. To verify if the ModSecurity module is loaded in Apache.
cat /var/log/apache2/error.log | grep modsecurity
The output must be like this:
ModSecurity for Apache/2.6.0 (URL) configured.
Visit Official Link: ModSecurity