Protect Apache With ModSecurity

Apache compared to many other web servers has pretty good security by default however you may want to add some extra security to it by enabling the modsecurity plugin. For this example I will be using my favorite OS LinuxMint and version 13.

Install Apache

If you already have apache installed, switch to next step

Install ModSecurity

If you run a X64 OS you need to symlink a file

Now install the module itself

Configure ModSecurity

Take the example configuration and make it the default configuration

We have to edit a file in order to activate the module

Look for the entry that starts with SecRuleEngine and change it to

Download OWASP Rule Set

OWASP is an open source security organization as such, they do a lot of leg work and we can simply copy their rule set and install them along side the defaults that come with ModSecurity

Download the latest rules from owasp and save it to /tmp.....If the link doesnt work you can go to OWASP's main site to get the latest from there.

Install OWASP Rule Set

Run each of the following commands to extract and copy the needed files, the last command opens a text editor

Just before the </IfModule> line in the file (that will be at the end of the file most likely) paste the following line, save and exit gedit

Enable The Headers Module In Apache

Enable The ModSecurity Module In Apache

Restart Apache

Testing ModSecurity

If apache reloads fine you should be good to go. To test out the security rules open a browser on your server and load up http://localhost/?id=23' or '1'='1. If you get a forbidden page the module is operating properly