How to install mod_security for Apache

How to install mod_security for Apache——————————————————What is mod_security?
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella – shielding applications from attacks. ModSecurity supports both branches of the Apache web server.——————————————————-You can install mod_security on Apache 1.3x or 2.x

Installation steps :

1) Download modsecurity-apache-1.9.2

1. wget http://www.modsecurity.org/download…he-1.9.2.tar.gz
2. tar zxvf modsecurity-apache-1.9.2.tar.gz
3. cd modsecurity-apache-1.9.2/

2) Now you need to determine which version of apache you use:
If it’s APACHE 1.3.x then

1. cd apache1/
   If it’s APACHE 2.x then
2. cd apache2/

Note : To check apache version give httpd -v command or type http://ip/xyz you will get apache version.

3) Lets Compile the module now:
Find apxs files path

1. locate apxs
   If path is /usr/sbin/apxs then give following command
2. /usr/sbin/apxs -cia mod_security.c

4) Ok, now its time to edit the httpd conf file. First we will make a backup just incase something goes wrong:
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup
or
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.backup

5) Now that we have backed it all up, we can edit the httpd.conf. Replace pico with nano depending on what you have
vi /usr/local/apache/conf/httpd.conf
or
vi /etc/httpd/conf/httpd.conf

Now add this :———————————————-

SecFilterEngine On

SecServerSignature “Apache”
SecFilterCheckUnicodeEncoding Off
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterScanPOST On

SecFilterDefaultAction “deny,log,status:403”

SecFilterSelective REQUEST_METHOD “^POST$” chain
SecFilterSelective HTTP_Content-Length “^$”

SecFilterSelective HTTP_Transfer-Encoding “!^$”

SecFilterSelective ARG_PHPSESSID “!^[0-9a-z]*$”
SecFilterSelective COOKIE_PHPSESSID “!^[0-9a-z]*$”
SecFilter “../”

SecFilter “viewtopic.php?” chain
SecFilter “chr(([0-9]{1,3}))” “deny,log”

SecFilterSelective THE_REQUEST “wget ”
SecFilterSelective THE_REQUEST “lynx ”
SecFilterSelective THE_REQUEST “scp ”
SecFilterSelective THE_REQUEST “ftp ”
SecFilterSelective THE_REQUEST “cvs ”
SecFilterSelective THE_REQUEST “rcp ”
SecFilterSelective THE_REQUEST “curl ”
SecFilterSelective THE_REQUEST “telnet ”
SecFilterSelective THE_REQUEST “ssh ”
SecFilterSelective THE_REQUEST “echo ”
SecFilterSelective THE_REQUEST “links -dump ”
SecFilterSelective THE_REQUEST “links dumpcharset ”
SecFilterSelective THE_REQUEST “links dumpwidth ”
SecFilterSelective THE_REQUEST “links http:// ”
SecFilterSelective THE_REQUEST “links ftp:// ”
SecFilterSelective THE_REQUEST “links -source ”
SecFilterSelective THE_REQUEST “mkdir ”
SecFilterSelective THE_REQUEST “cd /tmp ”
SecFilterSelective THE_REQUEST “cd /var/tmp ”
SecFilterSelective THE_REQUEST “cd /etc/httpd/proxy ”
SecFilterSelective THE_REQUEST “/config.php?v=1&DIR ”
SecFilterSelective THE_REQUEST “/../../ ”
SecFilterSelective THE_REQUEST “&highlight=%2527%252E ”
SecFilterSelective THE_REQUEST “changedir=%2Ftmp%2F.php ”

1. Very crude filters to prevent SQL injection attacks
   SecFilter “delete[[:space:]]+from”
   SecFilter “insert[[:space:]]+into”
   SecFilter “select.+from”

1. Weaker XSS protection but allows common HTML tags
   SecFilter “”

:wq!————————————————
6) Restart apache

1. service httpd restart

You’ve successfully installed mod_security!

Best Regards,
Shane Bewick

This entry was posted in Linux OS. Bookmark the permalink.