Install ModSecurity in Apache2 – The Easiest Way

ModSecurity is an Apache module that acts as a web application firewall, which brings another security layer to your website. Nowadays, it is very important to have this protection so that your website is protected from Internet threats. Based on my experience as a system administrator, our intrusion detection system detected on average 10 – 15 Internet threats per server per day. These include brute-force attacks, blind SQL injection, XSS attacks and many more.

Apache is the most popular web server in the world. For those who use Apache, I strongly advise you to have ModSecurity enabled on your production web server. You never know when your website will be targeted, or why. Protection is the best cure!

I will use a standard CentOS 6 distribution with Apache installed using yum and running as DSO. Variables are as below:

OS: CentOS 6 64bit
Apache directory: /etc/httpd
Apache configuration: /etc/httpd/conf/httpd.conf
ModSecurity configuration: /etc/httpd/conf.d/modsecurity.conf

1. Install Apache via yum and make sure it is running properly:

$ yum install -y httpd*
$ chkconfig httpd on
$ service httpd start

2. Install all the needed packages via yum:

$ yum install pcre* libxml2* libcurl* lua* libtool openssl -y

3. Download the mod_security source file from http://www.modsecurity.org/download/. In this case I will download modsecurity-apache_2.6.2.tar.gz:

$ cd /usr/local/src
$ tar -xzf  modsecurity-apache_2.6.2.tar.gz

4. Extract the downloaded files, navigate to the folder, configure and install:

$ cd modsecurity-apache*
$ ./configure
$ make
$ make install

5. Copy the ModSecurity configuration file into the Apache configuration directory:

$ cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

6. Activate the mod_security and unique_id modules in the Apache configuration file. Open /etc/httpd/conf/httpd.conf in a text editor and add the following lines:

LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so

7. Now we need to turn on the protection in the ModSecurity configuration file. Open /etc/httpd/conf.d/modsecurity.conf in a text editor and change the following line:

SecRuleEngine DetectionOnly

To:

SecRuleEngine On

8. Restart Apache so that mod_security is loaded into the Apache environment:

$ service httpd restart

Done! Your website is now protected with Apache ModSecurity. You can tweak the rules inside the modsecurity.conf file to suit your website's requirements. You can check what is happening by reviewing the log file located at /var/log/modsec_audit.log.
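
To make the audit log review concrete, here is an added example (not part of the original post) that condenses a ModSecurity 2.x audit log in the serial format into one line per transaction: the transaction ID from section A, the client IP, whether the request was blocked or only detected, and the rule IDs that fired. The function names, the sample log and its rule IDs are constructed for illustration; pass /var/log/modsec_audit.log as the first argument to run it on the real log.

```shell
# Added example: one line per transaction from a ModSecurity 2.x serial audit log:
#   <transaction id> <client ip> <blocked|detected> <rule ids, or - if none>
modsec_summary() {
  awk '
    /^--[0-9a-zA-Z]+-[A-Z]--$/ {          # boundary line: --<boundary>-<section>--
      sect = substr($0, length($0) - 2, 1)
      if (sect == "A") { uid = ip = ids = ""; act = "detected"; first = 1 }
      if (sect == "Z" && uid != "") print uid, ip, act, (ids == "" ? "-" : ids)
      next
    }
    sect == "A" && first { uid = $3; ip = $4; first = 0; next }  # [time tz] id src-ip ...
    sect == "H" && /^Action: Intercepted/ { act = "blocked" }
    sect == "H" && /^Message: / {         # collect every [id "N"] tag on the line
      s = $0
      while (match(s, /\[id "[0-9]+"\]/)) {
        id = substr(s, RSTART + 5, RLENGTH - 7)
        ids = (ids == "" ? id : ids "," id)
        s = substr(s, RSTART + RLENGTH)
      }
    }
  ' "$1"
}

# Constructed sample, not real traffic: transaction IDs, addresses and rule IDs are made up.
modsec_sample_log() {
  cat <<'EOF'
--1a2b3c4d-A--
[12/Mar/2012:10:15:32 +0800] T11aaaaaaaaaaaaaaaaaaaaa 192.0.2.10 51234 192.0.2.1 80
--1a2b3c4d-H--
Message: Access denied with code 403 (phase 2). Pattern match "..." at ARGS:id. [id "100001"] [msg "constructed rule"]
Action: Intercepted (phase 2)

--1a2b3c4d-Z--

--5e6f7a8b-A--
[12/Mar/2012:10:16:02 +0800] T11bbbbbbbbbbbbbbbbbbbbb 198.51.100.7 40022 192.0.2.1 80
--5e6f7a8b-H--
Message: Warning. Pattern match "..." at ARGS:q. [id "100002"] [msg "constructed rule"]
Message: Warning. Operator GE matched 5 at TX:score. [id "100003"] [msg "constructed rule"]

--5e6f7a8b-Z--
EOF
}

# With a path argument, summarise that file; otherwise run on the constructed sample.
if [ -n "${1:-}" ]; then modsec_summary "$1"; else
  tmp=$(mktemp) && modsec_sample_log > "$tmp" && modsec_summary "$tmp"; rm -f "$tmp"
fi
```

Running this while SecRuleEngine is still set to DetectionOnly lists the rule IDs that legitimate requests trigger, which is the list to review before switching the engine to On.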

6 thoughts on “Install ModSecurity in Apache2 – The Easiest Way”

  1. Super and excellent
    Really appreciate your easy-to-follow step-by-step guide to install Mod_security.
    Thank you very much again.
    Only this line I found missing and got from another site:
    yum install httpd-devel
    regarding installing the APXS

    thanks again.

    1. Hi Nick, I have made some corrections to the post by installing Apache with a wildcard (httpd*) to include the httpd-devel package as well. Thanks for the feedback!

  2. Thank you for the tip. I found that on my CentOS 6 server, I also needed to do

    yum install expat*

    Or it would fail to compile with a

    /usr/bin/ld: cannot find -lexpat

    1. The problem is with
      LoadModule unique_id_module modules/mod_unique_id.so
      I commented it and everything went ok… what is this module for?

      1. unique_id is required by mod_security for audit log purposes. If you do not want to track or debug any problems that happen with regard to mod_security, which would surely require you to analyze the log, you may proceed with that.
