How to Install mod_security Apache Module

Mod_security is an open-source web application firewall module that can be used to protect Apache web servers from various attacks such as DDoS, SQL injection, cross-site scripting, and many more.

Let’s say you have a web application that accepts user input and stores it in a database. An attacker can use SQL injection to execute malicious SQL statements and gain unauthorized access to your database. Without mod_security, your web server would be vulnerable to this attack.

However, with mod_security enabled and configured, it can detect and block SQL injection attacks. For example, if an attacker sends a malicious SQL statement in the user input, mod_security will detect it and block the request, preventing the SQL injection attack from succeeding.

Here’s an example of a mod_security rule that can block SQL injection attacks:

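# The whole regular expression sits on one line: a line continuation inside the
# quoted pattern would add the next line's indentation to the expression.
# The bare-number alternative (\b\d+\b) is left out, since it matches any request
# that contains a digit. capture fills TX.0 for logdata; deny,status:403 blocks.
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS \
    "(?:\b(?:s(?:elect(?:\s+.*?)?\s+from|et(?:\s+.*?)?\s+)|union(?:\s+.*?)?\s+select(?:\s+.*?)?\s+|(?:create|alter|drop|truncate)(?:\s+.*?)?\s+table|(?:insert(?:\s+.*?)?\s+into|update(?:\s+.*?)?\s+|delete(?:\s+.*?)?\s+from)(?:\s+.*?)?\s+)\b)" \
    "id:'990012',phase:2,rev:'2.2.5',deny,status:403,log,capture,t:none,t:urlDecodeUni,t:lowercase,\
    msg:'SQL Injection Attack',logdata:'%{TX.0}',severity:'2',\
    setvar:'tx.msg=%{rule.msg}',setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\
    setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQLi=%{matched_var_name}"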

This rule will look for SQL injection attacks in the request headers, filenames, arguments, and argument names. If it detects a SQL injection attack, it will block the request and log the event.

By using mod_security rules like this, you can protect your web server from various attacks and enhance its security.

In this short how-to, we will go through the steps to install the mod_security Apache module on CentOS.

Step 1: Install mod_security Apache Module

Once you have installed the Apache web server, you can proceed with the installation of the mod_security Apache module. You can do this by using the following command:

sudo yum install mod_security

This will install the mod_security Apache module and its dependencies.

Step 2: Enable and Configure mod_security Apache Module

After installing the mod_security Apache module, you need to enable and configure it. You can do this by editing the Apache configuration file located at /etc/httpd/conf/httpd.conf. Open the file using a text editor such as Nano or Vim:

sudo nano /etc/httpd/conf/httpd.conf

Locate the following lines and uncomment them by removing the ‘#’ symbol at the beginning of the lines:

#LoadModule security2_module modules/mod_security2.so
#Include conf.d/mod_security.conf

Save and exit the file.

Next, you need to configure the mod_security Apache module by creating a configuration file at /etc/httpd/modsecurity.d/modsecurity.conf. You can do this by using the following command:

sudo nano /etc/httpd/modsecurity.d/modsecurity.conf

Add the following lines to the file:

SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On

Save and exit the file.

Step 3: Restart Apache Web Server

After enabling and configuring the mod_security Apache module, you need to restart the Apache web server to apply the changes. You can do this by using the following command:

sudo service httpd restart
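
After the restart it is worth confirming that the engine is actually set to On and that the SQL injection rule shown earlier (id 990012) is blocking rather than only warning. The script below is an added example, not part of the original guide; the function names, the sample configuration and the abbreviated log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): post-restart checks.

# Effective SecRuleEngine value in one config file: commented-out lines are
# ignored and the last occurrence wins. Prints "unset" if the directive is absent.
# Simplification: Include files and per-vhost overrides are not followed.
effective_engine() {
    awk 'tolower($1) == "secruleengine" { v = $2 }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Count "Access denied" entries per rule id in an Apache error log.
# Prints "<rule id> <count>" per line. "Warning." entries (DetectionOnly
# mode, nothing blocked) are deliberately not counted.
denials_by_rule() {
    grep 'ModSecurity: Access denied' "$1" \
      | sed -n 's/.*\[id "\([0-9]*\)"\].*/\1/p' \
      | sort | uniq -c | awk '{ print $2, $1 }'
}

# Constructed sample files so the script runs offline.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_CONF="$SAMPLE_DIR/modsecurity.conf"
SAMPLE_LOG="$SAMPLE_DIR/error_log"

cat > "$SAMPLE_CONF" <<'EOF'
# SecRuleEngine Off
SecRuleEngine DetectionOnly
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
EOF

cat > "$SAMPLE_LOG" <<'EOF'
[Mon Jan 01 10:00:00.000000 2024] [:error] [pid 1001] [client 192.0.2.10:40000] ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." at ARGS:q. [id "990012"] [msg "SQL Injection Attack"] [uri "/search"]
[Mon Jan 01 10:00:05.000000 2024] [:error] [pid 1001] [client 192.0.2.11:40001] ModSecurity: Warning. Pattern match "..." at ARGS:id. [id "990012"] [msg "SQL Injection Attack"] [uri "/item"]
[Mon Jan 01 10:00:09.000000 2024] [:error] [pid 1002] [client 192.0.2.10:40002] ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." at ARGS:q. [id "990012"] [msg "SQL Injection Attack"] [uri "/search"]
[Mon Jan 01 10:00:12.000000 2024] [core:notice] [pid 1000] AH00094: Command line: '/usr/sbin/httpd'
EOF

echo "SecRuleEngine: $(effective_engine "$SAMPLE_CONF")"
echo "Denials by rule id:"; denials_by_rule "$SAMPLE_LOG"
```

On the server, point the functions at /etc/httpd/modsecurity.d/modsecurity.conf and the Apache error log (/var/log/httpd/error_log on a default CentOS install). Running httpd -M | grep security2_module confirms that the module itself is loaded.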

Commands Mentioned:

  • sudo – a command that allows users to run programs with the security privileges of another user, typically the superuser.
  • yum – a package manager for CentOS.
  • httpd – the Apache web server.
  • mod_security – an open-source web application firewall (WAF) module that can be used to protect Apache web servers from various attacks.
  • nano – a text editor for the terminal.
  • service – a command to control system services.

Conclusion:

In this guide, we have covered several important topics related to Linux system administration, including how to install Adobe Flash Player, create a file using the touch command, check the Linux system reboot date and time, check current users in Ubuntu, install the “man” command, install Wine on CentOS, and install the mod_security Apache module.

By following these step-by-step guides, you can perform various tasks on your Linux system with ease, enhance its functionality, and improve its security. Moreover, by using commands such as “sudo”, “yum”, and various other Linux commands, you can execute these tasks with the necessary permissions and ensure that your system is secure.

It is essential to understand and implement these commands and techniques to manage and secure your Linux system effectively.

Interested in enhancing the security of your Apache web server and preventing DDoS attacks? Then you might be interested in reading my “Prevent DDoS Attacks on Apache Guide”. The guide provides 8 practical steps that you can take to secure your Apache web server and prevent DDoS attacks, including installing a web application firewall, configuring Apache modules, limiting access to sensitive information, and many more.

If you have any questions or suggestions, feel free to comment below, and we will do our best to help you.
