HugeServer Knowledgebase

How to install ModSecurity on Apache for CentOS 7, Debian 8 and Ubuntu 16

Introduction

ModSecurity is a toolkit for real-time web application monitoring, logging, and access control. You can consider it an enabler: there are no hard rules telling you what to do; instead, it is up to you to choose your own path through the available features. The freedom to choose what to do is an essential part of ModSecurity’s identity and goes very well with its open source nature. With full access to the source code, your freedom to choose extends to the ability to customize and extend the tool itself to make it fit your needs.

We assume that you have root permission; otherwise, start the commands with “sudo”.

NOTE: For installing and using ModSecurity you need an Apache web server configured. If you don’t, check out our LAMP stack tutorials.

How to install LAMP (Apache, MySQL, PHP) stack on Debian 8

How to install LAMP (Apache, MySQL, PHP) Stack on Ubuntu 16

How to install LAMP (Apache, MySQL, PHP) stack on CentOS 7

Install ModSecurity

On Debian and Ubuntu

apt-get install libapache2-modsecurity

On CentOS

yum install mod_security

Verify that the ModSecurity module was loaded by Apache:

apachectl -M | grep --color sec

You should see a module named “security2_module (shared)” which indicates that the module was loaded.

The installation includes a recommended configuration file which has to be renamed with the command below:

mv /etc/modsecurity/modsecurity.conf{-recommended,}

Restart Apache (the service is named apache2 on Debian and Ubuntu, httpd on CentOS):

systemctl restart apache2
systemctl restart httpd

Configuring ModSecurity

If you want to add rules or edit existing ones, open “modsecurity.conf” and make your changes. Here we point out some common directives and settings:

nano /etc/modsecurity/modsecurity.conf

Find the following line:

SecRuleEngine DetectionOnly

And change it like below:

SecRuleEngine On

Another directive to modify is “SecResponseBodyAccess”. This configures whether response bodies are buffered, which is only necessary if data leakage detection and protection is required. Leaving it On therefore uses up server resources and also increases the log file size.

Find the following line:

SecResponseBodyAccess On

And turn it off like below:

SecResponseBodyAccess Off

We can also limit the maximum data that can be posted to your web application:

SecRequestBodyLimit
SecRequestBodyNoFilesLimit

The “SecRequestBodyLimit” specifies the maximum post data size. If anything larger is sent by a client the server will respond with a “413 Request Entity Too Large” error. If your web application doesn’t have any file uploads this value can be greatly reduced.

The default value of the configuration file is:

SecRequestBodyLimit 13107200

Which is 12.5 MB
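
The three settings covered in this section can be checked in one pass after editing. The script below is an added example, not part of the original tutorial or of ModSecurity; the function names modsec_value and modsec_audit are hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of ModSecurity.

# Print the effective (last uncommented) value of directive $1 in file $2.
# Directive names are matched case-insensitively, as Apache does.
modsec_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$2"
}

# Report the three settings discussed above for file $1.
# Returns 1 if the engine is not enforcing or response bodies are buffered.
modsec_audit() {
    rc=0
    engine=$(modsec_value SecRuleEngine "$1")
    body=$(modsec_value SecResponseBodyAccess "$1")
    limit=$(modsec_value SecRequestBodyLimit "$1")
    if [ "$engine" = "On" ]; then
        echo "OK   SecRuleEngine On"
    else
        echo "WARN SecRuleEngine ${engine:-unset}: requests are not blocked"
        rc=1
    fi
    if [ "$body" = "On" ]; then
        echo "WARN SecResponseBodyAccess On: response bodies are buffered"
        rc=1
    else
        echo "OK   SecResponseBodyAccess ${body:-unset}"
    fi
    if [ -n "$limit" ]; then
        mb=$(awk -v b="$limit" 'BEGIN { printf "%.1f", b / 1048576 }')
        echo "INFO SecRequestBodyLimit $limit bytes ($mb MB)"
    else
        echo "INFO SecRequestBodyLimit not set in this file"
    fi
    return "$rc"
}

# Constructed sample resembling the recommended file before editing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#SecRuleEngine On
SecRuleEngine DetectionOnly
SecResponseBodyAccess On
SecRequestBodyLimit 13107200
EOF
modsec_audit "$sample" || true
rm -f "$sample"
```

To check a live server, call modsec_audit /etc/modsecurity/modsecurity.conf; a non-zero exit status means the file still differs from the settings chosen above.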

Rule-Set Recommendation

You can also use free ModSecurity rule sets provided by cybersecurity companies and projects such as:

Comodo

OWASP

Atomic Corp

Also, you can find more information about ModSecurity on its official website!
