{"id":15798,"date":"2023-05-09T22:32:44","date_gmt":"2023-05-09T22:32:44","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=15798"},"modified":"2023-06-21T22:15:49","modified_gmt":"2023-06-21T22:15:49","slug":"how-to-install-mod_security-apache-module","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/how-to-install-mod_security-apache-module\/","title":{"rendered":"How to Install mod_security Apache Module"},"content":{"rendered":"

\"secured<\/p>\n

Mod_security is an open-source web application firewall module that can be used to protect Apache web servers<\/a> from various attacks such as DDoS<\/a>, SQL injection, cross-site scripting, and many more.<\/p>\n

Let’s say you have a web application that accepts user input and stores it in a database. An attacker can use SQL injection to execute malicious SQL statements and gain unauthorized access to your database. Without mod_security, your web server<\/a> would be vulnerable to this attack.<\/p>\n

However, with mod_security enabled and configured, it can detect and block SQL injection attacks. For example, if an attacker sends a malicious SQL statement in the user input, mod_security will detect it and block the request, preventing the SQL injection attack from succeeding.<\/p>\n

Here’s an example of a mod_security rule that can block SQL injection attacks:<\/p>\n

\r\nSecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS \\\r\n    \"(?:\\b(?:(?:s(?:elect(?:\\s+.*?)?\\s+from|et(?:\\s+.*?)?\\s+)|\\\r\n    union(?:\\s+.*?)?\\s+select(?:\\s+.*?)?\\s+|\\\r\n    (?:create|alter|drop|truncate)(?:\\s+.*?)?\\s+table|\\\r\n    (?:insert(?:\\s+.*?)?\\s+into|update(?:\\s+.*?)?\\s+|\\\r\n    delete(?:\\s+.*?)?\\s+from)(?:\\s+.*?)?\\s+)\\b|\\b\\d+\\b)\" \\\r\n    \"id:'990012',phase:2,rev:'2.2.5',t:none,t:urlDecodeUni,t:lowercase,\\\r\n    msg:'SQL Injection Attack',logdata:'%{TX.0}',severity:'2',\\\r\n    setvar:'tx.msg=%{rule.msg}',setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\\\r\n    setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQLi=%{matched_var_name}'\"\r\n<\/pre>\n
This rule will look for SQL injection attacks in the request headers, filenames, arguments, and argument names. If it detects a SQL injection attack, it will block the request and log the event.<\/p>\n
By using mod_security rules like this, you can protect your web server from various attacks and enhance its security.<\/p>\n
In this short how-to, we will go through the steps to install the mod_security Apache module on CentOS.<\/p>\n
Step 1: Install mod_security Apache Module<\/h2>\n
Once you have installed the Apache web server, you can proceed with the installation of the mod_security Apache module. You can do this by using the following command:<\/p>\n
\r\nsudo yum install mod_security\r\n<\/pre>\n
This will install the mod_security Apache module and its dependencies.<\/p>\n
Step 2: Enable and Configure mod_security Apache Module<\/h2>\n
After installing the mod_security Apache module, you need to enable and configure it. You can do this by editing the Apache configuration file located at \/etc\/httpd\/conf\/httpd.conf. Open the file using a text editor such as Nano or Vim:<\/p>\n
\r\nsudo nano \/etc\/httpd\/conf\/httpd.conf\r\n<\/pre>\n
Locate the following lines and uncomment them by removing the ‘#’ symbol at the beginning of the lines:<\/p>\n
\r\n#LoadModule security2_module modules\/mod_security2.so\r\n#Include conf.d\/mod_security.conf\r\n<\/pre>\n
Save and exit the file.<\/p>\n
Next, you need to configure the mod_security Apache module by creating a configuration file at \/etc\/httpd\/modsecurity.d\/modsecurity.conf. You can do this by using the following command:<\/p>\n
\r\nsudo nano \/etc\/httpd\/modsecurity.d\/modsecurity.conf\r\n<\/pre>\n
Add the following lines to the file:<\/p>\n
\r\nSecRuleEngine On\r\nSecRequestBodyAccess On\r\nSecResponseBodyAccess On\r\n<\/pre>\n
Save and exit the file.<\/p>\n
Step 3: Restart Apache Web Server<\/h2>\n
After enabling and configuring the mod_security Apache module, you need to restart the Apache web server to apply the changes. You can do this by using the following command:<\/p>\n
\r\nsudo service httpd restart\r\n<\/pre>\n
Commands Mentioned:<\/h2>\n