How to Set up & Configure ModSecurity on Apache

Jass Web

blog, Web Servers

Introduction

ModSecurity is an open source web application firewall (WAF) that helps protect web applications from malicious attacks. It is a powerful tool that can be used to detect and prevent a wide range of attacks, including SQL injection, cross-site scripting, and other malicious activities. In this guide, we will show you how to set up and configure ModSecurity on Apache. We will cover the installation process, configuration options, and how to test your setup. By the end of this guide, you will have a secure Apache server with ModSecurity enabled.

How to Set up & Configure ModSecurity on Apache

1. Install ModSecurity

The first step is to install ModSecurity on your Apache web server. This can be done using your system’s package manager. For example, on Ubuntu, you can use apt-get to install ModSecurity:

sudo apt-get install libapache2-mod-security2

2. Enable ModSecurity

Once ModSecurity is installed, you need to enable it in Apache. This can be done by editing the Apache configuration file. On Ubuntu, this file is located at /etc/apache2/apache2.conf.

Add the following line to the file:

LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so

3. Configure ModSecurity

The next step is to configure ModSecurity. This can be done by editing the ModSecurity configuration file. On Ubuntu, this file is located at /etc/modsecurity/modsecurity.conf.

In this file, you can configure various settings such as which rules to enable, which requests to block, and which requests to allow.

4. Restart Apache

Once you have finished configuring ModSecurity, you need to restart Apache for the changes to take effect. On Ubuntu, you can do this by running the following command:

sudo service apache2 restart

5. Test ModSecurity

Finally, you should test ModSecurity to make sure it is working correctly. You can do this by sending requests to your web server and checking the Apache error log for any ModSecurity-related errors.
[ad_1]

Introduction

ModSecurity is a plug-in module for Apache that works like a firewall. It functions through rule sets, which allow you to customize and configure your server security.

ModSecurity can also monitor web traffic in real time and help you detect and respond to intrusions. It can be used with Apache, Nginx, and IIF and is compatible with Debian, Ubuntu, and CentOS.

This tutorial explains how to install and configure ModSecurity on Apache web servers.

Prerequisites

  • The LAMP stack (Linux, Apache, MySQL, PHP) installed and configured
  • Access to a user account with sudo or root privileges
  • A package manager (APT or YUM), included by default
  • A command line/terminal window (Ctrl-Alt-T, Ctrl-Alt-F1)
  • A text editor, like nano

Step 1: Update Software Repositories

Open a terminal window, and enter the following:

On Debian / Ubuntu

sudo apt update -y
Update Ubuntu/Debian repository list.

On CentOS

sudo yum update -y

Step 2: Installing ModSecurity On Apache

Install ModSecurity on Debian

1. In a terminal window, enter the following:

sudo apt install libapache2-modsecurity

If prompted, pres y and hit Enter to allow the process to complete.

2. Restart the Apache service:

sudo systemctl restart apache2

There will be no output if Apache was restarted successfully.

3. Check the software version (it should be 2.8.0 or later):

apt-cache show libapache2-modsecurity

Note: Ubuntu has a slightly different syntax for the ModSecurity package.

Install ModSecurity on Ubuntu 18.04

1. In a terminal window, enter:

sudo apt install libapache2-mod-security2

If prompted, pres y and hit Enter to allow the process to complete.

Installing modevasive on Ubuntu.

2. Restart the Apache service:

sudo systemctl restart apache2

There will be no output if Apache was restarted successfully.

3. Check the software version (should be 2.8.0 or later):

apt-cache show libapache2-mod-security2
Check mod_evasive on Ubuntu.

Install ModSecurity on CentOS 7

1. Enter the following into a terminal window:

sudo yum install mod_security

If prompted, pres y and hit Enter to allow the process to complete.

2. Restart the Apache service:

sudo systemctl restart httpd.service

3. Check the software version (should be 2.8.0 or later):

yum info mod_security

Step: 3 Configure ModSecurity

Upon installation, ModSecurity is set to log events according to default rules. You’ll need to edit the configuration file to adjust the rules to detect and block traffic.

The default configuration file is /etc/modsecurity/modsecurity.conf-recommended.

1. Copy and rename the file:

sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

2. Next, change the ModSecurity detection mode. First, move into the /etc/modsecurity folder:

sudo cd /etc/modsecurity

3. Open the configuration file in a text editor (we will be using nano):

sudo nano modsecurity.conf

Near the top, you should see an entry labeled:

SecRuleEngine DetectionOnly

Change this to read as follows:

SecRuleEngine On
Configure the SecRuleEngine option to set up ModSecurity.

4. Use CTRL+X to exit, then press y then Enter to save the changes.

5. Navigate away from the /etc/modsecurity folder:

cd

6. Restart Apache:

On Debian/Ubuntu

sudo systemctl restart apache2
Restart Apache to load the updated configuration file.

On CentOS

sudo systemctl restart httpd.service

This will turn on ModSecurity using the basic default rules. In some versions of Linux, this includes the OWASP Core Rule Set. However, this might differ from the latest version maintained by the developers.

Step 4: Download Latest OWASP ModSecurity Rules

The latest Core Rule Set (CRS) for ModSecurity is maintained on GitHub.

1. Install Git if it’s not already included on your system.

Install Git on Debian/Ubuntu:

sudo apt install git

Install Git on CentOS:

sudo yum install git

2. Download a copy of the CRS:

git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
Clone the OWASP GitHub repository.

This places a copy of the directory as a subdirectory of your current working location.

3. Open a new directory:

cd owasp-modsecurity-crs

4. Move the crs-setup file:

sudo mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf
Image of a command that moves the OWASP csr setup file.

5. Then move the rules/ directory:

sudo mv rules/ /etc/modsecurity

If you encounter an error trying to move this directory, enter:

sudo mkdir /etc/modsecurity/rules
cd rules 
sudo cp *.* /etc/modsecurity/rules

6. Next, check your security2.conf file to verify it’s set to load the ModSecurity rules:

sudo nano /etc/apache2/mods-enabled/security2.conf
Edit the OWASP scp configuration file.

Verify you have the following lines included and uncommented:

IncludeOptional /etc/modsecurity/*.conf
Include /etc/modsecurity/rules/*.conf

If they are not there, add them. Do not duplicate them, or you risk disabling your Apache service.

The OWASP configration file.

7. Restart the Apache service:

On Debian/Ubuntu

sudo systemctl restart apache2

On CentOS

sudo systemctl restart httpd.service

Step 5: Test Apache Configuration

1. Open the default Apache configuration file:

sudo nano /etc/apache2/sites-available/000-default.conf

2. Locate the </VirtualHost> tag at the bottom and add the following lines:

SecRuleEngine On
SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403,msg:'phoenixNAP test rule was triggered'"

You can change the msg to whatever you prefer.

Nano editor showing the apache configuration file.

Save and quit the file (CTRL+X > y > Enter).

3. Restart the Apache service:

On Debian/Ubuntu

sudo systemctl restart apache2

On CentOS

sudo systemctl restart httpd.service

4. Then, enter the following command:

curl localhost/index.html?testparam=test

The system responds by attempting to display the default webpage. Instead of the content, it generates error codes and messages inside the tags:

ModSecurity error messages in the terminal.

5. You can confirm that ModSecurity worked by looking for code 403 at the Apache error logs with the command:

sudo tail -f /var/log/apache2/error.log

One of the entries towards the bottom should be the ModSecurity error code:

Test ModSecurity and OWASP CRS With Bash Script

Another method you can use to test ModSecurity is to use a Bash script.

1. Enter the following command in the terminal:

curl localhost/index.html?exec=/bin/bash

The output shows the same error messages as the last time.

2. View the Apache error.log file again and you will find that the the rule kicked in:

sudo tail -f /var/log/apache2/error.log
OWASP CRS error message in the Apache log

The output displays the OWASP-related ModSecurity error message.

Step 6: Create ModSecurity Rules

Below is a test example how you can use ModSecurity to block specific keywords on a PHP form.

1. Create a PHP file inside the html directory with the command:

sudo nano /var/www//html/test.php

2. Enter the following code into the file:

<html>
<body>
<?php
if(isset($_POST['data']))
echo $_POST['data'];
else
{
?>
<form method="post" action="">
Enter text here:<textarea name="data"></textarea>
<input type="submit"/>
</form>
<?php
}
?>
</body>
</html>

Save the file and exit.

3. Next, create a new ModSecurity custom rules file:

sudo nano /etc/modsecurity/modsecurity_custom_rules.conf

Add the following lines:

SecRule REQUEST_FILENAME "test.php" "id:'400001',chain,deny,log,msg:'Spam detected'"
SecRule REQUEST_METHOD "POST" chain
SecRule REQUEST_BODY "@rx (?i:(enlarge|Nigerian|gold))"

Of course, change the keywords in the last line to anything you want.

Save the file and exit.

4. Reload the Apache service:

On Debian/Ubuntu

sudo systemctl restart apache2

On CentOS

sudo systemctl restart httpd.service

5. Launch the form in a web browser

localhost/test.php
Browser showing the php test form.

6. Type one of the keywords from the rule into the form. In this example: enlarge, Nigerian, or gold.

You should receive a 403 Forbidden error message.

A browser window showing forbidden message after testing a form.

You can also check the /var/log/apache2/error.log file to verify ModSecurity’s action.

Note: We don’t need to add this custom_rules file to the security2.conf file, because we specified a wildcard (IncludeOptional /etc/modsecurity/*.conf). If we had specified an individual .conf file, we would need to add this custom_rules file to the security2.conf file.

Conclusion

You should now have a solid understanding of how to install, set up, and configure ModSecurity on Apache. Make sure you installed the LAMP stack properly before following the steps in this guide.

[ad_2]

How to Set up & Configure ModSecurity on Apache

ModSecurity is an open source web application firewall (WAF) that helps protect web applications from malicious attacks. It is a powerful tool that can be used to detect and prevent a wide range of attacks, including SQL injection, cross-site scripting (XSS), and other malicious activities. In this tutorial, we will show you how to set up and configure ModSecurity on Apache.

Prerequisites

  • A server running Apache web server
  • Root privileges

Step 1 – Installing ModSecurity

The first step is to install ModSecurity on your server. To do this, you will need to use the apt package manager. Run the following command to install ModSecurity:

sudo apt-get install libapache2-modsecurity

Once the installation is complete, you will need to enable the ModSecurity module. To do this, run the following command:

sudo a2enmod security2

Once the module is enabled, you will need to restart Apache for the changes to take effect. To do this, run the following command:

sudo systemctl restart apache2

Step 2 – Configuring ModSecurity

Once ModSecurity is installed and enabled, you will need to configure it. The configuration file for ModSecurity is located at /etc/modsecurity/modsecurity.conf. You can edit this file to configure ModSecurity to your needs.

For example, you can enable the ModSecurity Core Ruleset by adding the following line to the configuration file:

Include "/etc/modsecurity/modsecurity-crs/*.conf"

Once you have made your changes, you will need to restart Apache for the changes to take effect. To do this, run the following command:

sudo systemctl restart apache2

Step 3 – Testing ModSecurity

Once ModSecurity is installed and configured, you can test it to make sure it is working properly. To do this, you can use the ModSecurity Test Suite. This is a set of scripts that can be used to test ModSecurity for various types of attacks.

To run the test suite, you will need to download it from the ModSecurity website. Once you have downloaded the test suite, you can run it by running the following command:

./modsecurity-test-suite.sh

Once the test suite has finished running, you should see a report that shows the results of the tests. If any of the tests fail, you will need to investigate the issue and make the necessary changes to your configuration.

Conclusion

In this tutorial, we have shown you how to set up and configure ModSecurity on Apache. ModSecurity is a powerful tool that can help protect your web applications from malicious attacks. We hope you have found this tutorial useful.

How to Install Apache Maven on CentOS 7

Defend Against DoS & DDoS on Apache With mod_evasive

Jaspreet Singh Ghuman

Jaspreet Singh Ghuman

Jassweb.com/

Passionate Professional Blogger, Freelancer, WordPress Enthusiast, Digital Marketer, Web Developer, Server Operator, Networking Expert. Empowering online presence with diverse skills.

jassweb logo

Jassweb always keeps its services up-to-date with the latest trends in the market, providing its customers all over the world with high-end and easily extensible internet, intranet, and extranet products.

GSTIN is 03EGRPS4248R1ZD.

Services

Web Design and Development

Web Server Solutions

Website Maintenance

Fix WordPress Website

SEO and Digital Marketing

E-commerce Solutions

Quick Links

DMCA

Disclaimer

Privacy Policy

Shipping and Delivery

Terms and Conditions

Cancellation and Refund

Contact
[email protected]
+9179000-01331
Jassweb, Rai Chak, Punjab, India. 143518
Continue Shopping →
Item added to cart.
0 items - 0.00
Checkout