I am Angelo. A systems engineer passionate about Linux and all open-source software. Although here I'm just another member of the family.

How to Install ModSecurity with Apache on Ubuntu

Hello, friends. In this post, you will learn how to install ModSecurity with Apache on Ubuntu / Debian. Let’s see.

mod_security is a security module of Apache, it acts as a web application firewall and filters and blocks suspicious requests.

Therefore, many sysadmins rely on this product to increase the security of Apache web server. It is fully Linux compatible, so you should have no problems installing and configuring it.

It never hurts to have more layers of security for your web server, and this tool is no exception. So let’s go.

Install ModSecurity with Apache on Ubuntu / Debian

The first thing to do is to connect via SSH to your server and update it

sudo apt update
sudo apt upgrade

Then, you can install Apache in case you don’t have it. In addition, you have to install the libapache2-mod-security2 package.

sudo apt install apache2 libapache2-mod-security2
Install ModSecurity with Apache on Ubuntu / Debian
Install ModSecurity with Apache on Ubuntu / Debian

This is enough.

Check that the module is loaded

The next step is to check if the mod_security module is loaded correctly.

To do this run

apachectl -M | grep security

And you should get an output like this if it is enabled.

security2_module (shared)

If you don’t have the screen output, don’t worry, you can enable it as follows:

sudo a2enmod security2

And to apply the changes:

sudo systemctl reload apache2

Configuring ModSecurity to work properly with Apache

The initial tool configuration resides in /etc/modsecurity/modsecurity.conf-recommended which you will have to rename to enable it.

sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Inside the configuration file, you will have to activate the module

sudo nano /etc/modsecurity/modsecurity.conf

Look for the line:

SecRuleEngine DetectionOnly

And set it to on value

SecRuleEngine On
Enable ModSecurity with Apache
Enable ModSecurity with Apache

What this change does is to enable the scanning of each transaction for Apache.

Save the changes and to apply this change

sudo systemctl restart apache2

This will suffice in most cases. But the strength of this tool lies in the rules that the community has developed over time. Specifically, we are talking about the OWASP ModSecurity Core Rule Set.

Remove existing rules to avoid problems

sudo rm -r /usr/share/modsecurity-crs

Download them using git.

sudo git clone /usr/share/modsecurity-crs
Cloning into '/usr/share/modsecurity-crs'...
remote: Enumerating objects: 25911, done.
remote: Counting objects: 100% (102/102), done.
remote: Compressing objects: 100% (59/59), done.
remote: Total 25911 (delta 50), reused 81 (delta 43), pack-reused 25809
Receiving objects: 100% (25911/25911), 6.52 MiB | 22.49 MiB/s, done.
Resolving deltas: 100% (20241/20241), done.

Rename the file to enable them

sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf

Now, it is necessary to modify the configuration file of the tool to indicate that it takes these new rules.

sudo nano /etc/apache2/mods-enabled/security2.conf

At the end of the <IfModule security2_module> section add

IncludeOptional /usr/share/modsecurity-crs/*.conf
IncludeOptional /usr/share/modsecurity-crs/rules/*.conf
Set the rules for ModSecurity
Set the rules for ModSecurity

Save the changes and close the editor.

To apply all changes, restart Apache.

sudo systemctl restart apache2

So, everything is ready.


In this post, you learned how to install and configure ModSecurity quickly, easily and efficiently.


Please enter your comment!
Please enter your name here

Latest articles

Join us on Facebook