Hello, friends. In this post, you will learn how to install ModSecurity with Apache on Ubuntu / Debian. Let’s see.
mod_security is a security module for Apache. It acts as a web application firewall, filtering and blocking suspicious requests.
Therefore, many sysadmins rely on this product to increase the security of the Apache web server. It is fully Linux compatible, so you should have no problems installing and configuring it.
It never hurts to have more layers of security for your web server, and this tool is no exception. So let’s go.
Install ModSecurity with Apache on Ubuntu / Debian
The first thing to do is to connect to your server via SSH and update it:
sudo apt update
sudo apt upgrade
Then, you can install Apache in case you don’t have it. In addition, you have to install the libapache2-mod-security2 package.
sudo apt install apache2 libapache2-mod-security2
This is enough.
Check that the module is loaded
The next step is to check if the mod_security module is loaded correctly.
To do this, run:
apachectl -M | grep security
You should get output like this if it is enabled:
security2_module (shared)
If you don’t get this output, don’t worry, you can enable the module as follows:
sudo a2enmod security2
And to apply the changes:
sudo systemctl reload apache2
Configuring ModSecurity to work properly with Apache
The initial tool configuration resides in /etc/modsecurity/modsecurity.conf-recommended, which you will have to copy to /etc/modsecurity/modsecurity.conf to enable it.
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Inside the configuration file, you will have to activate the rule engine:
sudo nano /etc/modsecurity/modsecurity.conf
Look for the line:
SecRuleEngine DetectionOnly
And set it to the On value:
SecRuleEngine On
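With DetectionOnly, ModSecurity inspects each transaction and logs rule matches without blocking anything. With On, it also acts on those matches, so requests that trigger a blocking rule are denied.
Save the changes and, to apply them, restart Apache: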
sudo systemctl restart apache2
This will suffice in most cases. But the strength of this tool lies in the rules that the community has developed over time. Specifically, we are talking about the OWASP ModSecurity Core Rule Set.
Remove the existing rules to avoid problems:
sudo rm -r /usr/share/modsecurity-crs
Download them using git.
sudo git clone https://github.com/coreruleset/coreruleset.git /usr/share/modsecurity-crs
Cloning into '/usr/share/modsecurity-crs'...
remote: Enumerating objects: 25911, done.
remote: Counting objects: 100% (102/102), done.
remote: Compressing objects: 100% (59/59), done.
remote: Total 25911 (delta 50), reused 81 (delta 43), pack-reused 25809
Receiving objects: 100% (25911/25911), 6.52 MiB | 22.49 MiB/s, done.
Resolving deltas: 100% (20241/20241), done.
Rename the example setup file to enable the rules:
sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
Now, it is necessary to modify the module's Apache configuration file so that it loads these new rules.
sudo nano /etc/apache2/mods-enabled/security2.conf
At the end of the <IfModule security2_module> section, add:
IncludeOptional /usr/share/modsecurity-crs/*.conf
IncludeOptional /usr/share/modsecurity-crs/rules/*.conf
Save the changes and close the editor.
To apply all changes, restart Apache.
sudo systemctl restart apache2
So, everything is ready.
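To confirm that the steps above took effect, here is an added example (not part of the original post) that audits the three files this guide edits: modsecurity.conf, crs-setup.conf and security2.conf. The function names and the sample directory tree are constructed for illustration; the paths are the ones used in this guide.

```shell
#!/bin/sh
# Added example, not from the original post: audit the files this guide edits.

# Print the last uncommented SecRuleEngine value in file $1 ("missing"/"unset" if none).
secrule_engine_mode() {
    [ -f "$1" ] || { echo missing; return; }
    awk 'tolower($1) == "secruleengine" { m = $2 }
         END { print (m == "" ? "unset" : m) }' "$1"
}

# Succeed if file $1 has an uncommented "IncludeOptional $2" line.
has_include() {
    awk -v want="$2" 'tolower($1) == "includeoptional" && $2 == want { f = 1 }
         END { exit !f }' "$1" 2>/dev/null
}

# Audit the installation under root $1 (empty string = live system).
# Prints one line per check; returns 0 only if every check passes.
audit_modsecurity() {
    root="$1"; bad=0; crs=/usr/share/modsecurity-crs
    mode=$(secrule_engine_mode "$root/etc/modsecurity/modsecurity.conf")
    case "$mode" in
        [Oo][Nn]) echo "OK   SecRuleEngine On" ;;
        *) echo "FAIL SecRuleEngine is '$mode': matches are not blocked"; bad=1 ;;
    esac
    if [ -f "$root$crs/crs-setup.conf" ]; then echo "OK   crs-setup.conf present"
    else echo "FAIL crs-setup.conf missing (rename crs-setup.conf.example)"; bad=1; fi
    for inc in "$crs/*.conf" "$crs/rules/*.conf"; do
        if has_include "$root/etc/apache2/mods-enabled/security2.conf" "$inc"
        then echo "OK   IncludeOptional $inc"
        else echo "FAIL IncludeOptional $inc not in security2.conf"; bad=1; fi
    done
    return $bad
}

# Constructed sample tree (not a real server): the state right after the cp
# step, before SecRuleEngine is changed and before the CRS lines are added.
make_sample_tree() {
    mkdir -p "$1/etc/modsecurity" "$1/etc/apache2/mods-enabled" "$1/usr/share/modsecurity-crs"
    printf '#SecRuleEngine On\nSecRuleEngine DetectionOnly\n' > "$1/etc/modsecurity/modsecurity.conf"
    printf '<IfModule security2_module>\n</IfModule>\n' > "$1/etc/apache2/mods-enabled/security2.conf"
}

t=$(mktemp -d); make_sample_tree "$t"
audit_modsecurity "$t" || echo "sample tree fails the audit, as constructed"
rm -rf "$t"
```

On the server itself, call audit_modsecurity with an empty root argument, and run sudo apachectl configtest before restarting Apache so that a syntax error in the included rules does not take the site down.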
Conclusion
In this post, you learned how to install and configure ModSecurity quickly, easily and efficiently.