ModSecurity is an open-source web application firewall and intrusion detection and prevention system that provides filtering and other security features to the Apache HTTP Server. As a web application layer firewall, ModSecurity allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure. This tutorial will guide you through the process of installing ModSecurity to your Apache HTTP Server on CentOS 6.3.<\/p>\n
Before we dive into the installation process, it’s important to understand the role of ModSecurity in enhancing the security of your web server<\/a>. ModSecurity is a crucial component in securing your Apache<\/a> server.<\/p>\n First, you need to install some dependency packages for ModSecurity. Run the following command as root:<\/p>\n This command installs the necessary packages, including gcc, make, libxml2, libxml2-devel, httpd-devel, pcre-devel, and curl-devel.<\/p>\n Next, navigate to the \/usr\/src\/ directory and download the ModSecurity package:<\/p>\n This command downloads the ModSecurity package from the official website.<\/p>\n After downloading the ModSecurity package, you need to unpack the archive:<\/p>\n This command extracts the contents of the ModSecurity package.<\/p>\n Navigate to the directory where the ModSecurity package was extracted:<\/p>\n This command changes the current directory to the ModSecurity directory.<\/p>\n Run the configure script to generate a Makefile. Typically, no options are needed:<\/p>\n This command runs the configure script.<\/p>\n Install the ModSecurity module with the following command:<\/p>\n This command installs the ModSecurity module.<\/p>\n Copy the configuration file to the \/etc\/httpd\/conf.d directory:<\/p>\n This command copies the recommended ModSecurity configuration file to the appropriate directory.<\/p>\n ModSecurity requires the OWASP (Open Web Application Security Project) core rules for base configuration. These rules are used to protect from unknown vulnerabilities often found in web applications:<\/p>\n These commands download, extract, and set up the OWASP core rules for ModSecurity.<\/p>\n Next, you need to configure the Apache HTTPD config file:<\/p>\n Search for the line “LoadModule” in your httpd.conf and make sure you load the ModSecurity module with the following line:<\/p>\n Then, configure ModSecurity by adding these lines at the bottom of the httpd.conf file:<\/p>\n Restart the Apache service to enable the mod_security module and their rules:<\/p>\n This command restarts the Apache service.<\/p>\n Finally, verify that everything is working fine:<\/p>\n These commands check the syntax of your configuration files and display the last few entries of the Apache error log.<\/p>\n In conclusion, ModSecurity is an essential tool for enhancing the security of your Apache HTTP Server. By following the steps outlined inthis tutorial, you can successfully install ModSecurity on your CentOS 6.3 system. Remember, the process involves installing necessary dependencies, downloading and unpacking the ModSecurity package, running the configure script, installing the ModSecurity module, copying the configuration file, installing the OWASP core rules, configuring the Apache HTTPD config file, restarting the Apache service, and verifying that everything is working fine.<\/p>\n By implementing ModSecurity, you’re adding an extra layer of protection to your server, making it more resilient against potential threats and attacks. Whether you’re running a dedicated server<\/a>, a VPS server<\/a>, or part of a cloud hosting<\/a> or shared hosting<\/a> setup, securing your server should always be a top priority.<\/p>\n Remember, the digital landscape is constantly evolving, and so are the threats that come with it. Stay informed, stay updated, and most importantly, stay secure.<\/p>\n What is ModSecurity?<\/p>\n \n ModSecurity is an open-source web application firewall that provides filtering and other security features to the Apache HTTP Server. It allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.<\/span>\n <\/p>\n<\/li>\n What are the OWASP core rules?<\/p>\n \n The OWASP (Open Web Application Security Project) core rules are a set of rules used by ModSecurity to protect web applications from unknown vulnerabilities. They are used as a base configuration for ModSecurity.<\/span>\n <\/p>\n<\/li>\n How do I install ModSecurity?<\/p>\n \n To install ModSecurity, you need to install dependency packages, download and unpack the ModSecurity package, run the configure script, install the ModSecurity module, copy the configuration file, install the OWASP core rules, configure the Apache HTTPD config file, restart the Apache service, and verify that everything is working fine.<\/span>\n <\/p>\n<\/li>\n What is the role of ModSecurity in Apache?<\/p>\n \n ModSecurity plays a crucial role in enhancing the security of the Apache HTTP Server. It provides a web application layer firewall that allows for HTTP traffic monitoring and real-time analysis, thereby protecting the server from potential threats and attacks.<\/span>\n <\/p>\n<\/li>\n How do I verify that ModSecurity is working correctly?<\/p>\n \n You can verify that ModSecurity is working correctly by checking the syntax of your Apache configuration files using the command “httpd -t”. You can also view the last few entries of the Apache error log with the command “tail -f \/var\/log\/httpd\/error_log”.<\/span>\n <\/p>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":" ModSecurity is an open-source web application firewall and intrusion detection and prevention system that provides filtering and other security features to the Apache HTTP Server. As a web application layer…<\/p>\n","protected":false},"author":6,"featured_media":3872,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[1103,1145],"tags":[1254,1536,1576],"class_list":["post-3864","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-apache","category-firewall","tag-centos-6-3","tag-linux","tag-mod_security"],"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/3864","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/comments?post=3864"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/3864\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media\/3872"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media?parent=3864"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/categories?post=3864"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/tags?post=3864"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Step 1: Install Dependency Packages for ModSecurity<\/h2>\n
\r\n[root@centos63 ~]# yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel -y\r\n<\/pre>\n
Step 2: Download ModSecurity<\/h2>\n
\r\n[root@centos63 ~]# cd \/usr\/src\/\r\n[root@centos63 src]# wget http:\/\/www.modsecurity.org\/download\/modsecurity-apache_2.6.7.tar.gz\r\n<\/pre>\n
\r\n[root@centos63 src]# wget http:\/\/www.modsecurity.org\/download\/modsecurity-apache_2.6.7.tar.gz\r\n--2012-09-17 16:06:20-- http:\/\/www.modsecurity.org\/download\/modsecurity-apache_2.6.7.tar.gz\r\nResolving www.modsecurity.org... 204.13.200.240\r\nConnecting to www.modsecurity.org|204.13.200.240|:80... connected.\r\nHTTP request sent, awaiting response... 302 Found\r\nLocation: http:\/\/downloads.sourceforge.net\/mod-security\/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]\r\n--2012-09-17 16:06:21-- http:\/\/downloads.sourceforge.net\/mod-security\/modsecurity-apache_2.6.7.tar.gz?use_mirror=\r\nResolving downloads.sourceforge.net... 216.34.181.59\r\nConnecting to downloads.sourceforge.net|216.34.181.59|:80... connected.\r\nHTTP request sent, awaiting response... 301 Moved Permanently\r\nLocation: http:\/\/downloads.sourceforge.net\/project\/mod-security\/modsecurity-apache\/2.6.7\/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]\r\n--2012-09-17 16:06:22-- http:\/\/downloads.sourceforge.net\/project\/mod-security\/modsecurity-apache\/2.6.7\/modsecurity-apache_2.6.7.tar.gz?use_mirror=\r\nReusing existing connection to downloads.sourceforge.net:80.\r\nHTTP request sent, awaiting response... 302 Found\r\nLocation: http:\/\/cdnetworks-kr-1.dl.sourceforge.net\/project\/mod-security\/modsecurity-apache\/2.6.7\/modsecurity-apache_2.6.7.tar.gz [following]\r\n--2012-09-17 16:06:23-- http:\/\/cdnetworks-kr-1.dl.sourceforge.net\/project\/mod-security\/modsecurity-apache\/2.6.7\/modsecurity-apache_2.6.7.tar.gz\r\nResolving cdnetworks-kr-1.dl.sourceforge.net... 211.39.135.162\r\nConnecting to cdnetworks-kr-1.dl.sourceforge.net|211.39.135.162|:80... connected.\r\nHTTP request sent, awaiting response... 200 OK\r\nLength: 785852 (767K) [application\/x-gzip]\r\nSaving to: \u00e2modsecurity-apache_2.6.7.tar.gz\u00e2\r\n\r\n100%[==========================================================>] 785,852 88.6K\/s in 8.7s\r\n\r\n2012-09-17 16:06:32 (88.1 KB\/s) - \u00e2modsecurity-apache_2.6.7.tar.gz\u00e2\r\n\r\n<\/pre>\n
Step 3: Unpack the ModSecurity Archive<\/h2>\n
\r\n[root@centos63 src]# tar xzvf modsecurity-apache_2.6.7.tar.gz\r\n<\/pre>\n
Step 4: Enter the Extracted ModSecurity Directory<\/h2>\n
\r\n[root@centos63 src]# cd modsecurity-apache_2.6.7\r\n<\/pre>\n
Step 5: Run the Configure Script<\/h2>\n
\r\n[root@centos63 modsecurity-apache_2.6.7]# .\/configure\r\n<\/pre>\n
Step 6: Install the ModSecurity Module<\/h2>\n
\r\n[root@centos63 modsecurity-apache_2.6.7]# make install\r\n<\/pre>\n
Step 7: Copy the Configuration File<\/h2>\n
\r\n[root@centos63 modsecurity-apache_2.6.7]# cp modsecurity.conf-recommended \/etc\/httpd\/conf.d\/modsecurity.conf\r\n<\/pre>\n
Step 8: Install OWASP Core Rules<\/h2>\n
\r\n[root@centos63 ~]# cd \/etc\/httpd\r\n[root@centos63 httpd]# wget http:\/\/downloads.sourceforge.net\/project\/mod-security\/modsecurity-crs\/0-CURRENT\/modsecurity-crs_2.2.5.tar.gz\r\n[root@centos63 httpd]# tar xzvf modsecurity-crs_2.2.5.tar.gz\r\n[root@centos63 httpd]# mv modsecurity-crs_2.2.5 modsecurity-crs\r\n[root@centos63 modsecurity-crs]# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf\r\n<\/pre>\n
Step 9: Configure Apache HTTPD Config File<\/h2>\n
\r\n[root@centos63 ~]# vi \/etc\/httpd\/conf\/httpd.conf\r\n<\/pre>\n
\r\nLoadModule security2_module modules\/mod_security2.so\r\n<\/pre>\n
\r\n<IfModule security2_module>\r\n Include modsecurity-crs\/modsecurity_crs_10_setup.conf\r\n Include modsecurity-crs\/base_rules\/*.conf\r\n<\/IfModule>\r\n<\/pre>\n
Step 10: Restart the Apache Service<\/h2>\n
\r\n[root@centos63 ~]# \/etc\/init.d\/httpd restart\r\n<\/pre>\n
\r\n[root@centos63 ~]# \/etc\/init.d\/httpd restart\r\nStopping httpd: [ OK ]\r\nStarting httpd: [ OK ]\r\n<\/pre>\n
Step 11: Verify Everything is Working Fine<\/h2>\n
\r\n[root@centos63 ~]# httpd -t\r\nSyntax OK\r\n[root@centos63 ~]# tail -f \/var\/log\/httpd\/error_log\r\n<\/pre>\n
\r\n[root@centos63 ~]# tail -f \/var\/log\/httpd\/error_log\r\n[Mon Sep 17 18:49:58 2012] [notice] Apache\/2.2.15 (Unix) DAV\/2 PHP\/5.3.3 configured -- resuming normal operations\r\n[Mon Sep 17 20:24:27 2012] [notice] caught SIGTERM, shutting down\r\n[Mon Sep 17 20:24:28 2012] [notice] suEXEC mechanism enabled (wrapper: \/usr\/sbin\/suexec)\r\n[Mon Sep 17 20:24:28 2012] [notice] ModSecurity for Apache\/2.6.7 (http:\/\/www.modsecurity.org\/) configured.\r\n[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: APR compiled version=\"1.3.9\"; loaded version=\"1.3.9\"\r\n[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: PCRE compiled version=\"7.8 \"; loaded version=\"7.8 2008-09-05\"\r\n[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: LIBXML compiled version=\"2.7.6\"\r\n[Mon Sep 17 20:24:28 2012] [notice] Digest: generating secret for digest authentication ...\r\n[Mon Sep 17 20:24:28 2012] [notice] Digest: done\r\n[Mon Sep 17 20:24:28 2012] [notice] Apache\/2.2.15 (Unix) DAV\/2 PHP\/5.3.3 configured -- resuming normal operations\r\n<\/pre>\n
Commands Mentioned<\/h2>\n
\n
Conclusion<\/h2>\n
FAQs<\/h2>\n
\n