Mod_security is an open-source web application firewall module that can be used to protect Apache web servers from various attacks such as DDoS, SQL injection, cross-site scripting, and many more.
Let’s say you have a web application that accepts user input and stores it in a database. An attacker can use SQL injection to execute malicious SQL statements and gain unauthorized access to your database. Without mod_security, your web server would be vulnerable to this attack.
However, with mod_security enabled and configured, it can detect and block SQL injection attacks. For example, if an attacker sends a malicious SQL statement in the user input, mod_security will detect it and block the request, preventing the SQL injection attack from succeeding.
Here’s an example of a mod_security rule that can block SQL injection attacks:
# Flags SQL keyword sequences (select ... from, union ... select, DDL and DML statements)
# in the URL-decoded, lowercased request data.
# deny,status:403 rejects the request, log records it, and capture fills TX.0 for logdata.
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS \
"(?:\b(?:s(?:elect(?:\s+.*?)?\s+from|et(?:\s+.*?)?\s+)|union(?:\s+.*?)?\s+select(?:\s+.*?)?\s+|(?:create|alter|drop|truncate)(?:\s+.*?)?\s+table|(?:insert(?:\s+.*?)?\s+into|update(?:\s+.*?)?\s+|delete(?:\s+.*?)?\s+from)(?:\s+.*?)?\s+)\b)" \
"id:'990012',phase:2,rev:'2.2.5',deny,status:403,log,capture,t:none,t:urlDecodeUni,t:lowercase,\
msg:'SQL Injection Attack',logdata:'%{TX.0}',severity:'2',\
setvar:'tx.msg=%{rule.msg}',setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQLi=%{matched_var_name}"
This rule will look for SQL injection attacks in the request headers, filenames, arguments, and argument names. If it detects a SQL injection attack, it will block the request and log the event.
By using mod_security rules like this, you can protect your web server from various attacks and enhance its security.
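Before a rule like this is allowed to block traffic, it helps to see what its pattern matches. The sketch below is an added example, not part of the original guide or of mod_security: it applies the rule's SQL-keyword alternation (with balanced parentheses) to constructed sample values. The transform function is an assumption that only approximates t:urlDecodeUni and t:lowercase.

```python
import re
from urllib.parse import unquote_plus

# SQL-keyword alternation of the rule, written with balanced parentheses.
SQLI_PATTERN = re.compile(
    r"\b(?:s(?:elect(?:\s+.*?)?\s+from|et(?:\s+.*?)?\s+)"
    r"|union(?:\s+.*?)?\s+select(?:\s+.*?)?\s+"
    r"|(?:create|alter|drop|truncate)(?:\s+.*?)?\s+table"
    r"|(?:insert(?:\s+.*?)?\s+into|update(?:\s+.*?)?\s+"
    r"|delete(?:\s+.*?)?\s+from)(?:\s+.*?)?\s+)\b"
)

# Constructed sample parameter values: (value, is it really SQL?).
SAMPLES = [
    ("1 union select password from users", True),
    ("select%20name%20from%20accounts", True),
    ("DROP TABLE orders", True),
    ("alice", False),
    ("please select a colour from the list", False),
    ("set alarm for 7am", False),
]


def transform(value):
    """Approximation (assumption) of t:urlDecodeUni,t:lowercase.

    %uXXXX escapes, which urlDecodeUni also handles, are not decoded here.
    """
    return unquote_plus(value).lower()


def matched_text(value):
    """Return the text the pattern matched in the transformed value, or None."""
    match = SQLI_PATTERN.search(transform(value))
    return match.group(0) if match else None


def false_positives(samples):
    """Benign sample values that the pattern would still flag."""
    return [value for value, is_sql in samples
            if not is_sql and matched_text(value) is not None]


if __name__ == "__main__":
    for value, is_sql in SAMPLES:
        hit = matched_text(value)
        verdict = "flagged" if hit is not None else "passed"
        print(f"{verdict:8} sql={is_sql!s:5} {value!r} -> {hit!r}")
    print("false positives:", false_positives(SAMPLES))
```

Ordinary English containing "select ... from" or "set " is flagged as well, so a pattern this broad should be tested against the application's real traffic before it is used to reject requests.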
In this short how-to, we will go through the steps to install the mod_security Apache module on CentOS.
Step 1: Install mod_security Apache Module
Once you have installed the Apache web server, you can proceed with the installation of the mod_security Apache module. You can do this by using the following command:
sudo yum install mod_security
This will install the mod_security Apache module and its dependencies.
Step 2: Enable and Configure mod_security Apache Module
After installing the mod_security Apache module, you need to enable and configure it. You can do this by editing the Apache configuration file located at /etc/httpd/conf/httpd.conf. Open the file using a text editor such as Nano or Vim:
sudo nano /etc/httpd/conf/httpd.conf
Locate the following lines and uncomment them by removing the ‘#’ symbol at the beginning of the lines:
#LoadModule security2_module modules/mod_security2.so
#Include conf.d/mod_security.conf
Save and exit the file.
Next, you need to configure the mod_security Apache module by creating a configuration file at /etc/httpd/modsecurity.d/modsecurity.conf. You can do this by using the following command:
sudo nano /etc/httpd/modsecurity.d/modsecurity.conf
Add the following lines to the file:
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
Save and exit the file.
Step 3: Restart Apache Web Server
After enabling and configuring the mod_security Apache module, you need to restart the Apache web server to apply the changes. You can do this by using the following command:
sudo service httpd restart
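After the restart it is worth confirming that the file from Step 2 really leaves the engine in blocking mode. The script below is an added example, not part of the original guide or of mod_security: it reads a configuration text and reports where the three directives from Step 2 differ from the values set there. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Values that Step 2 writes to /etc/httpd/modsecurity.d/modsecurity.conf.
EXPECTED = {
    "secruleengine": "on",
    "secrequestbodyaccess": "on",
    "secresponsebodyaccess": "on",
}

# Constructed sample: the engine only logs and response bodies are skipped.
SAMPLE_CONF = """\
# constructed sample, not taken from a real host
SecRuleEngine On
SecRequestBodyAccess On
secresponsebodyaccess Off
SecRuleEngine DetectionOnly
"""


def effective_settings(conf_text):
    """Return {directive: value} for the directives in EXPECTED.

    Directive names are case-insensitive, '#' lines are comments,
    backslash-newline continues a line, and a later directive overrides
    an earlier one in the same context.
    """
    settings = {}
    joined = re.sub(r"\\\r?\n", " ", conf_text)
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        if name in EXPECTED and len(parts) == 2:
            settings[name] = parts[1].strip().strip('"').lower()
    return settings


def audit(conf_text):
    """List the directives that are missing or differ from Step 2."""
    settings = effective_settings(conf_text)
    findings = []
    for name, wanted in EXPECTED.items():
        actual = settings.get(name)
        if actual is None:
            findings.append(f"{name}: not set")
        elif actual != wanted:
            findings.append(f"{name}: {actual} (step 2 sets {wanted})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["matches step 2"]:
        print(finding)
```

With SecRuleEngine set to DetectionOnly, rules are evaluated and logged but disruptive actions such as deny are not carried out, so a rule that appears to work in the logs still lets the request through.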
Commands Mentioned:
- sudo – a command that allows users to run programs with the security privileges of another user, typically the superuser.
- yum – a package manager for CentOS.
- httpd – the Apache web server.
- mod_security – an open-source web application firewall (WAF) module that can be used to protect Apache web servers from various attacks.
- nano – a text editor for the terminal.
- service – a command to control system services.
Conclusion:
In this guide, we have covered several important topics related to Linux system administration, including how to install Adobe Flash Player, create a file using the touch command, check the Linux system reboot date and time, check current users in Ubuntu, install the “man” command, install Wine on CentOS, and install the mod_security Apache module.
By following these step-by-step guides, you can perform various tasks on your Linux system with ease, enhance its functionality, and improve its security. Moreover, by using commands such as “sudo”, “yum”, and various other Linux commands, you can execute these tasks with the necessary permissions and ensure that your system is secure.
It is essential to understand and implement these commands and techniques to manage and secure your Linux system effectively.