Protect Apache With ModSecurity

Apache compared to many other web servers has pretty good security by default however you may want to add some extra security to it by enabling the modsecurity plugin. For this example I will be using my favorite OS LinuxMint and version 13.

Install Apache

If you already have apache installed, switch to next step

sudo apt-get install apache2 php5

Install ModSecurity

sudo apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev

If you run a X64 OS you need to symlink a file

sudo ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2

Now install the module itself

sudo apt-get install libapache-mod-security

Configure ModSecurity

Take the example configuration and make it the default configuration

sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

We have to edit a file in order to activate the module

sudo gedit /etc/modsecurity/modsecurity.conf

Look for the entry that starts with SecRuleEngine and change it to

SecRuleEngine On

Download OWASP Rule Set

OWASP is an open source security organization as such, they do a lot of leg work and we can simply copy their rule set and install them along side the defaults that come with ModSecurity

Download the latest rules from owasp and save it to /tmp.....If the link doesnt work you can go to OWASP's main site to get the latest from there.

Install OWASP Rule Set

Run each of the following commands to extract and copy the needed files, the last command opens a text editor

sudo tar -zxvf SpiderLabs-owasp-modsecurity*
sudo cp -R SpiderLabs-owasp-modsecurity*/* /etc/modsecurity/
sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example  /etc/modsecurity/modsecurity_crs_10_setup.conf
cd /etc/modsecurity/base_rules
for f in * ; do sudo ln -s /etc/modsecurity/base_rules/$f /etc/modsecurity/activated_rules/$f ; done
cd /etc/modsecurity/optional_rules
for f in * ; do sudo ln -s /etc/modsecurity/optional_rules/$f /etc/modsecurity/activated_rules/$f ; done 
sudo gedit /etc/apache2/mods-available/mod-security.conf

Just before the </IfModule> line in the file (that will be at the end of the file most likely) paste the following line, save and exit gedit

Include "/etc/modsecurity/activated_rules/*.conf"

Enable The Headers Module In Apache

sudo a2enmod headers

Enable The ModSecurity Module In Apache

sudo a2enmod mod-security

Restart Apache

sudo /etc/init.d/apache2 restart

Testing ModSecurity

If apache reloads fine you should be good to go. To test out the security rules open a browser on your server and load up http://localhost/?id=23' or '1'='1. If you get a forbidden page the module is operating properly

Menu