Hello, friends. In this post, you will learn how to install ModSecurity with Apache on Ubuntu / Debian. Let’s see.
mod_security is a security module of Apache, it acts as a web application firewall and filters and blocks suspicious requests.
Therefore, many sysadmins rely on this product to increase the security of Apache web server. It is fully Linux compatible, so you should have no problems installing and configuring it.
It never hurts to have more layers of security for your web server, and this tool is no exception. So let’s go.
Install ModSecurity with Apache on Ubuntu / Debian
The first thing to do is to connect via SSH to your server and update it
sudo apt update sudo apt upgrade
Then, you can install Apache in case you don’t have it. In addition, you have to install the
sudo apt install apache2 libapache2-mod-security2
This is enough.
Check that the module is loaded
The next step is to check if the
mod_security module is loaded correctly.
To do this run
apachectl -M | grep security
And you should get an output like this if it is enabled.
If you don’t have the screen output, don’t worry, you can enable it as follows:
sudo a2enmod security2
And to apply the changes:
sudo systemctl reload apache2
Configuring ModSecurity to work properly with Apache
The initial tool configuration resides in
/etc/modsecurity/modsecurity.conf-recommended which you will have to rename to enable it.
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Inside the configuration file, you will have to activate the module
sudo nano /etc/modsecurity/modsecurity.conf
Look for the line:
And set it to
What this change does is to enable the scanning of each transaction for Apache.
Save the changes and to apply this change
sudo systemctl restart apache2
This will suffice in most cases. But the strength of this tool lies in the rules that the community has developed over time. Specifically, we are talking about the OWASP ModSecurity Core Rule Set.
Remove existing rules to avoid problems
sudo rm -r /usr/share/modsecurity-crs
Download them using git.
sudo git clone https://github.com/coreruleset/coreruleset.git /usr/share/modsecurity-crs Cloning into '/usr/share/modsecurity-crs'... remote: Enumerating objects: 25911, done. remote: Counting objects: 100% (102/102), done. remote: Compressing objects: 100% (59/59), done. remote: Total 25911 (delta 50), reused 81 (delta 43), pack-reused 25809 Receiving objects: 100% (25911/25911), 6.52 MiB | 22.49 MiB/s, done. Resolving deltas: 100% (20241/20241), done.
Rename the file to enable them
sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
Now, it is necessary to modify the configuration file of the tool to indicate that it takes these new rules.
sudo nano /etc/apache2/mods-enabled/security2.conf
At the end of the
<IfModule security2_module> section add
IncludeOptional /usr/share/modsecurity-crs/*.conf IncludeOptional /usr/share/modsecurity-crs/rules/*.conf
Save the changes and close the editor.
To apply all changes, restart Apache.
sudo systemctl restart apache2
So, everything is ready.
In this post, you learned how to install and configure ModSecurity quickly, easily and efficiently.