Dino Geek, try to help you

How to install and configure ModSecurity in Apache?


ModSecurity is an intrusion detection and prevention engine for web applications. It is also known as an open-source web application firewall (WAF).

Here’s how to install and configure ModSecurity in Apache:

Before you start, back up your server and Apache configuration, and test these changes in a staging environment before applying them to a production server.

Step 1: Install Apache and ModSecurity.

On Debian and Ubuntu, open a terminal and use the following command to install Apache and ModSecurity:

```
sudo apt-get install apache2 libapache2-mod-security2
```
For CentOS and Fedora, the command is slightly different:

```
sudo yum install httpd mod_security
```
Step 2: Configure ModSecurity.

Activate ModSecurity by renaming the configuration file. In Ubuntu/Debian you can do so by running:

```
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
```
For CentOS/Fedora:

```
sudo mv /etc/httpd/modsecurity.d/modsecurity.conf-recommended /etc/httpd/modsecurity.d/modsecurity.conf
```
Open the configuration file `/etc/modsecurity/modsecurity.conf` and change the line `SecRuleEngine DetectionOnly` to `SecRuleEngine On`.

This change switches ModSecurity to active mode, where it will not just log malicious activity, but also intercept and prevent it.

Adjust the other configuration settings as needed.

Step 3: Configure ModSecurity Rules.

For basic rules configuration, check that the Unicode mapping file referenced by `modsecurity.conf` is in place in the same directory:

```
ls -l /etc/modsecurity/unicode.mapping
```
Now, you need to set up your security rules. There are pre-defined core rule sets (CRS) provided by ModSecurity. To get those, you can clone them from GitHub:

```
sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /etc/modsecurity/owasp-modsecurity-crs
```
Then, move the crs-setup.conf.example file to crs-setup.conf:

```
sudo mv /etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf.example /etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
```
Include the crs-setup.conf file and the ModSecurity Core Rule Set files in your modsecurity.conf:

```
sudo nano /etc/modsecurity/modsecurity.conf
```
Add these lines at the end of the modsecurity.conf file:

```
IncludeOptional "/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf"
IncludeOptional "/etc/modsecurity/owasp-modsecurity-crs/rules/*.conf"
```
Step 4: Restart Apache.

Finally, restart your Apache service for the changes to take effect. On Ubuntu/Debian, you’d do so using:

```
sudo systemctl restart apache2
```
For CentOS/Fedora, the command is:

```
sudo systemctl restart httpd
```
That’s it! ModSecurity should now be up and running on your Apache server. Be sure to monitor your logs for any issues. You’ll find the ModSecurity audit log at `/var/log/apache2/modsec_audit.log` in Debian/Ubuntu, or at `/var/log/httpd/modsec_audit.log` in CentOS/RHEL.

Note: False positives are quite common with ModSecurity due to its highly sensitive nature. You might need to tweak or disable some rules that are triggering false alerts frequently.
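
To decide which rules to tweak, it helps to see which rule IDs fire most often and on which request paths. The Python script below is an added example, not part of the original article. It tallies rule IDs per path from the audit log, assuming the serial (non-JSON) audit-log format with parts B and H enabled. The sample entries are constructed and abbreviated.

```python
import re
import sys
from collections import Counter

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")   # e.g. --1a2b3c4d-H--
RULE_ID = re.compile(r'\[id "(\d+)"\]')

# Constructed, abbreviated sample in the serial audit-log layout (not real traffic).
SAMPLE = """\
--1a2b3c4d-A--
[12/Mar/2024:10:15:01 +0000] ZfA1 198.51.100.7 40112 192.0.2.10 443
--1a2b3c4d-B--
POST /blog/comment?post=7 HTTP/1.1
--1a2b3c4d-H--
Message: Warning. Pattern match at ARGS:body. [id "942100"] [msg "constructed"]
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "constructed"]
--1a2b3c4d-Z--
--5e6f7a8b-A--
[12/Mar/2024:10:16:40 +0000] ZfA2 198.51.100.9 40990 192.0.2.10 443
--5e6f7a8b-B--
POST /blog/comment?post=9 HTTP/1.1
--5e6f7a8b-H--
Message: Warning. Pattern match at ARGS:body. [id "942100"] [msg "constructed"]
--5e6f7a8b-Z--
"""

def tally_rules(log_text):
    """Count (rule id, request path) pairs across all audit-log entries."""
    counts, section, path, first_b = Counter(), None, "?", False
    for line in log_text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section = m.group(2)
            first_b = section == "B"                  # next line is the request line
            path = "?" if section == "A" else path    # new entry: forget old path
            continue
        if section == "B" and first_b:
            parts = line.split()
            if len(parts) >= 2:
                path = parts[1].split("?", 1)[0]      # group by path, drop the query
            first_b = False
        elif section == "H" and line.startswith("Message:"):
            for rule_id in RULE_ID.findall(line):
                counts[(rule_id, path)] += 1
    return counts

if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for (rule_id, path), n in tally_rules(text).most_common(10):
        print(f"{n:5d}  rule {rule_id}  {path}")
```

Pass the path of your audit log as the first argument to run it on real data. A rule that fires repeatedly on one legitimate path is a candidate for a targeted exclusion rather than for disabling the rule everywhere.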

