How to Secure Your Apache 2.x Web Server
With Mod Security in Unix/Linux
ModSecurity is an open source web application firewall. Working
embedded in the web server, or standalone as a network appliance, This WAF can
help you to detect and prevents attacks against web applications.
- Cross-Site Scripting (XSS)
- Backdoors Detection
- Trojans
- ASP/PHP Injection
- SQL & Command Injection, etc.
In this guide we will help you
install the mod_security module on a web server running Ubuntu/Debian. For
Debian, you have to login as root. ModSecurity works only with Apache 2
and higher.
Installation
1. To install ModSecurity on Ubuntu,
open the terminal (Ctrl+Alt+T) and run this command:
sudo
apt-get install libapache2-modsecurity
2. Create now directory for
ModSecurity in the Apache2 folder:
sudo
mkdir /etc/apache2/modsecurity
3. Create now the configuration file
for ModSecurity, which will be loaded by Apache, using this command:
sudo
gedit /etc/apache2/conf.d/modsecurity.conf
Add the following code, save and
exit.
##
/etc/init.d/apache2/conf.d/modsecurity.conf
Include
modsecurity/*.conf
4. ModSecurity rules using these two
commands:
cd
/etc/apache2/modsecurity
sudo
cp -R /usr/share/modsecurity-crs/base_rules/* .
5. Modified and correct the line
in the modsecurity_crs_20_protocol_violations.conf file.
sudo
gedit /etc/apache2/modsecurity/
modsecurity_crs_20_protocol_violations.conf
We need to replace this line:
SecRule
REQBODY_ERROR "!@eq 0"
with
this one:
SecRule
REQBODY_PROCESSOR_ERROR "!@eq 0"
Save and exit.
6. Restart now the Apche web server.
sudo
/etc/init.d/apache2 restart
7. To verify if the ModSecurity
module is loaded in Apache.
cat
/var/log/apache2/error.log | grep modsecurity
The output must be like this:
ModSecurity for Apache/2.6.0 (URL)
configured.
Visit Official Link: ModSecurity
Source
0 comments:
Post a Comment