Categories: Security

How to install ModSecurity with Apache on CentOS?

ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections. It is a useful tool to protect websites and web applications from web attacks like SQL Injection, Cross Site Scripting, Brute Force attacks, DDoS attacks on webserver etc. It provides a set of powerful OWASP (Open Web Application Security Project) rules to protect against the vulnerabilities. This guide attempts to help you to install ModSecurity in a CentOS server along with the OWASP core rule set.

In order to install ModSecurity, we have to login to the server using “root” and make sure all packages are updated. Simply run the following command

yum update -y

The above command will check the versions of the packages and will also download and install the packages which are required but not installed as well as the latest updated packages.

ModSecurity needs a few dependencies to be installed before installing the mod_security package. Execute the following command in the server as “root” to install the dependencies.

yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel git

Now, we will download the source code from ModSecurity’s official website to the server.

cd /opt/
wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz

Extract the downloaded archive and change the current working directory to the newly extracted directory

tar xzfv modsecurity-2.9.1.tar.gz
cd modsecurity-2.9.1

Now, lets configure, compile and install mod_security from the source code

./configure
make
make install

Copy the default mod_security configuration and the unicode.mapping file to the necessary Apache directory

cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
cp unicode.mapping /etc/httpd/conf.d/

The mod_security package is now installed on the server. Now, let us configure the Apache web server.

Edit the Apache configuration file using your favorite editor (nano /etc/httpd/conf/httpd.conf) and add the following

LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so

Now save the changes and restart Apache.

/etc/init.d/httpd restart

Now, we will download and configure the OWASP core rule set

cd /etc/httpd
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
mv owasp-modsecurity-crs modsecurity-crs
cd modsecurity-crs
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Edit the Apache configuration file and add the following lines at the end of the file.

Include modsecurity-crs/modsecurity_crs_10_config.conf
Include modsecurity-crs/base_rules/*.conf

Now save the changes and restart Apache.

/etc/init.d/httpd restart

The OWASP core rule set is now configured and ModSecurity will start protecting your webserver. There are also commercial rule sets available here which you can use to strengthen the ModSecurity waf.

Nitesh Shah

Share
Published by
Nitesh Shah

Recent Posts

How to setup first Azure Virtual Machine?

Setting up your first Azure Virtual Machine can be done by following these steps: Create…

1 year ago

How to setup Amazon Cloudfront and S3 to serve static resources

Amazon CloudFront is a content delivery network (CDN) that helps you serve static content such…

1 year ago

Step-By-Step Guide To Setting Up An AWS Application Load Balancer

Step-By-Step Guide To Setting Up An AWS Application Load Balancer Are you looking for a…

1 year ago

How to restore MySQL database from .frm and .ibd files?

MySQL databases often get corrupted due to issues like hardware failure, file system failure etc.…

4 years ago

SQL Server Replication

SQL Server Replication is the process of copying databases from one node to another to…

5 years ago

101 System Admin Tools to make life easy

Here are 101 System Admin tools which make System Admins' life easy.

7 years ago

This website uses cookies.