Menu
- About
- Ham Radio
- NL SwapShop
- NL SOTA Association
- 3D Models
- Linux
- Raspberry Pi
- Windows
- Software
- Photo Gallery
- Contact
- Search

Protect Apache With ModSecurity

Install Apache
If you already have apache installed, switch to next step
Install ModSecurity
If you run a X64 OS you need to symlink a file
Now install the module itself
Configure ModSecurity
Take the example configuration and make it the default configuration
We have to edit a file in order to activate the module
Look for the entry that starts with SecRuleEngine and change it to
Download OWASP Rule Set
OWASP is an open source security organization as such, they do a lot of leg work and we can simply copy their rule set and install them along side the defaults that come with ModSecurity
Download
the latest rules from owasp and save it to /tmp.....If the link doesnt work you can
go
to OWASP's main site to get the latest from there.
Install OWASP Rule Set
Run each of the following commands to extract and copy the needed files, the last command opens a text editor
Just before the </IfModule> line in the file (that will be at the end of the file most likely) paste
the following line, save and exit gedit
Enable The Headers Module In Apache
Enable The ModSecurity Module In Apache
Restart Apache
Testing ModSecurity
If apache reloads fine you should be good to go. To test out the security rules open a browser on your server and load up http://localhost/?id=23' or '1'='1. If you get a forbidden page the module is operating properly