Skip to content

How to install ModSecurity with Apache on CentOS?

ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections. It is a useful tool to protect websites and web applications from web attacks like SQL Injection, Cross Site Scripting, Brute Force attacks, DDoS attacks on webserver etc. It provides a set of powerful OWASP (Open Web Application Security Project) rules to protect against the vulnerabilities. This guide attempts to help you to install ModSecurity in a CentOS server along with the OWASP core rule set.

In order to install ModSecurity, we have to login to the server using “root” and make sure all packages are updated. Simply run the following command

yum update -y

The above command will check the versions of the packages and will also download and install the packages which are required but not installed as well as the latest updated packages.

ModSecurity needs a few dependencies to be installed before installing the mod_security package. Execute the following command in the server as “root” to install the dependencies.

yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel git

Now, we will download the source code from ModSecurity’s official website to the server.

cd /opt/
wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz

Extract the downloaded archive and change the current working directory to the newly extracted directory

tar xzfv modsecurity-2.9.1.tar.gz
cd modsecurity-2.9.1

Now, lets configure, compile and install mod_security from the source code

./configure
make
make install

Copy the default mod_security configuration and the unicode.mapping file to the necessary Apache directory

cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
cp unicode.mapping /etc/httpd/conf.d/

The mod_security package is now installed on the server. Now, let us configure the Apache web server.

Edit the Apache configuration file using your favorite editor (nano /etc/httpd/conf/httpd.conf) and add the following

LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so

Now save the changes and restart Apache.

/etc/init.d/httpd restart

Now, we will download and configure the OWASP core rule set

cd /etc/httpd
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
mv owasp-modsecurity-crs modsecurity-crs
cd modsecurity-crs
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Edit the Apache configuration file and add the following lines at the end of the file.

Include modsecurity-crs/modsecurity_crs_10_config.conf
Include modsecurity-crs/base_rules/*.conf

Now save the changes and restart Apache.

/etc/init.d/httpd restart

The OWASP core rule set is now configured and ModSecurity will start protecting your webserver. There are also commercial rule sets available here which you can use to strengthen the ModSecurity waf.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

x  Powerful Protection for WordPress, from Shield Security
This Site Is Protected By
Shield Security