Webhosting Blog

Configuring mod_security 2 on a Linux server


What Is ModSecurity?

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

Follow these steps to install mod_security on your server.

1) Log in to the server as root.

2) Go to directory /etc.

[root@server~]# cd /etc

3) Download the rules file.

[root@server~]# wget http://hyperois.com/files/modsec2_rules.tar.gz

4) Uncompress the file.

[root@server~]# tar -xzvf modsec2_rules.tar.gz

5) Edit the modsec2.conf file.

[root@server~]# vi /usr/local/apache/conf/modsec2.conf

6) Now copy and paste the following rules into your modsec2.conf file.

<IfModule mod_security2.c>
SecRuleEngine On
# "Add the rules that will do exactly the same as the directives"
# SecFilterCheckURLEncoding On
# SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug_log
SecDebugLogLevel 0
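SecDefaultAction "phase:2,deny,log,status:406"
# Dots are escaped so they match only a literal "."
# ModSecurity 2.7 and later also require a unique id action on every SecRule.
SecRule REMOTE_ADDR "^127\.0\.0\.1$" nolog,allow
Include "/usr/local/apache/conf/modsec2.user.conf"

SecServerSignature "Rules Powered By HyperOIS.com"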

#First, add in your exclusion rules:
#These MUST come first!
Include /etc/modsecurity/exclude.conf

#Application protection rules
Include /etc/modsecurity/rules.conf

#Just in Time Patches for Vulnerable Applications
Include /etc/modsecurity/jitp.conf

#Comment spam rules
Include /etc/modsecurity/blacklist.conf

#Bad hosts, bad proxies and other bad players
Include /etc/modsecurity/blacklist2.conf

#Bad clients, known bogus useragents and other signs of malware
Include /etc/modsecurity/useragents.conf

#Known bad software, rootkits and other malware
Include /etc/modsecurity/rootkits.conf

#Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
Include /etc/modsecurity/apache2-rules.conf

</IfModule>

7) Save and exit the file.

8) Restart the Apache service.

[root@server~]# service httpd restart

or

[root@server~]# /etc/init.d/httpd restart
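
A check to run between steps 7 and 8, added here as an example and not part of the original post: rules pasted from a web page can arrive with typographic quotes, which Apache does not treat as quoting, and the Include lines assume the rule files exist under /etc/modsecurity. The function name lint_modsec_conf, its ROOT staging prefix and the sample file are assumptions constructed for this demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): lint a pasted ModSecurity
# config before restarting Apache. Prints one line per finding and
# returns 1 if there was any. ROOT is a hypothetical staging prefix that
# is put in front of absolute Include paths.
lint_modsec_conf() {   # usage: lint_modsec_conf FILE [ROOT]
    conf=$1; root=${2:-}; found=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line#"${line%%[![:space:]]*}"}     # strip leading blanks
        case $line in ''|\#*) continue ;; esac    # skip blanks and comments
        case $line in
            *“*|*”*|*‘*|*’*) echo "$conf:$n: typographic quote"; found=1 ;;
        esac
        # Heuristic: an odd count of straight quotes means one is unclosed.
        q=$(printf '%s' "$line" | tr -cd '"' | wc -c)
        [ $((q % 2)) -eq 0 ] || { echo "$conf:$n: unbalanced quote"; found=1; }
        case $line in
            Include[[:space:]]*)
                t=$(printf '%s' "${line#Include}" | tr -d '" \t')
                case $t in
                    *\**|*\?*|*\[*) ;;            # wildcard: not checked
                    /*) [ -e "$root$t" ] ||
                        { echo "$conf:$n: missing $t"; found=1; } ;;
                esac ;;
        esac
    done < "$conf"
    return $found
}

demo() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/modsecurity"
    : > "$d/etc/modsecurity/rules.conf"
    # Constructed sample: a line as a browser paste delivers it, a
    # half-repaired line, one Include that resolves and one that does not.
    cat > "$d/modsec2.conf" <<'EOF'
SecRuleEngine On
# “quotes inside a comment are ignored”
SecDefaultAction “phase:2,deny,log,status:406?
SecServerSignature "Rules Powered By HyperOIS.com
Include /etc/modsecurity/rules.conf
Include /etc/modsecurity/exclude.conf
EOF
    lint_modsec_conf "$d/modsec2.conf" "$d"; rc=$?
    rm -rf "$d"
    return $rc
}
demo || echo "fix the findings above before restarting httpd"
```

On the server, run `lint_modsec_conf /usr/local/apache/conf/modsec2.conf` and follow a clean result with Apache's own syntax test (`httpd -t`) before restarting.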


One response

  1. jim

    this is awesome man

    September 10, 2010 at 7:32 pm
