Protect Apache With ModSecurity

Apache compared to many other web servers has pretty good security by default however you may want to add some extra security to it by enabling the modsecurity plugin. For this example I will be using my favorite OS LinuxMint and version 13.


Install Apache

If you already have apache installed, switch to next step



Install ModSecurity


If you run a X64 OS you need to symlink a file



Now install the module itself



Configure ModSecurity

Take the example configuration and make it the default configuration



We have to edit a file in order to activate the module



Look for the entry that starts with SecRuleEngine and change it to



Download OWASP Rule Set

OWASP is an open source security organization as such, they do a lot of leg work and we can simply copy their rule set and install them along side the defaults that come with ModSecurity


Download the latest rules from owasp and save it to /tmp.....If the link doesnt work you can go to OWASP's main site to get the latest from there.


Install OWASP Rule Set

Run each of the following commands to extract and copy the needed files, the last command opens a text editor



Just before the </IfModule> line in the file (that will be at the end of the file most likely) paste the following line, save and exit gedit



Enable The Headers Module In Apache


Enable The ModSecurity Module In Apache


Restart Apache


Testing ModSecurity

If apache reloads fine you should be good to go. To test out the security rules open a browser on your server and load up http://localhost/?id=23' or '1'='1. If you get a forbidden page the module is operating properly