KEMBAR78
ModSecurity Setup for Apache Users | PDF | Networking | Internet & Web
Scribd
Upload
145 views13 pages

ModSecurity Setup for Apache Users

This document provides steps to set up ModSecurity, an open-source web application firewall, with the Apache web server on Debian/Ubuntu systems. It involves installing ModSecurity and its dependencies, enabling the module, downloading rule sets, and configuring Apache to use the rules. The configuration is tested by creating a blocking rule that denies access to a test URL parameter.

Uploaded by

vpalmar8871
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
145 views13 pages

ModSecurity Setup for Apache Users

This document provides steps to set up ModSecurity, an open-source web application firewall, with the Apache web server on Debian/Ubuntu systems. It involves installing ModSecurity and its dependencies, enabling the module, downloading rule sets, and configuring Apache to use the rules. The configuration is tested by creating a blocking rule that denies access to a test URL parameter.

Uploaded by

vpalmar8871
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

Menu

Menu

How to Set Up ModSecurity with


Apache on Debian/Ubuntu
James Kiarie Last Updated: May 24, 2022 Apache, Debian, Ubuntu 9 Comments

The Apache web server is highly customizable and can be configured in multiple ways
to suit your needs. There are many third-party modules that you can use to configure
Apache to your preference.

ModSecurity is an open-source WAF (Web Application Firewall) that is native to the


Apache webserver. It was initially an Apache module only but has grown over the year
to become a fully-fledged web app firewall. It is now supported by Nginx and even IIS.

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 1/23
14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

ModSecurity inspects incoming requests to the webserver against a predefined set of


rules. Typically, it provides a set of rules known as CRS (Core Rule Set) that protect a
website from an array of web application attacks such as SQL injection, XSS, and
session hijacking among other exploits.

Linux Foundation LFCS and LFCE Certification Preparation Guide - Get This Book
[ You might also like: 5 Tools to Scan a Linux Server for Malware and Rootkits ]

The ModSecurity application firewall forms an integral part of PCI DSS compliance in
shielding sites from external attacks. When the module is enabled it triggers a ‘403
Forbidden Error’ which simply implies that you have insufficient permissions to access
the resource on the webserver.

In this guide, we will show you how to set up and configure ModSecurity to work with
Apache on Debian and Ubuntu Linux.

Step 1: Install ModSecurity on Ubuntu


The first step is to install ModSecurity. We will begin by, first, refreshing the package
lists as follows:

$ sudo apt update

Next, install the ModSecurity package alongside other dependencies and libraries.

$ sudo apt install libapache2-mod-security2

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 2/23
14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

Install ModSecurity on Ubuntu

Afterward, enable the module.

$ sudo a2enmod security2

Then restart the Apache webserver to apply the changes.

$ sudo systemctl restart apache2

At this point, ModSecurity is successfully installed. Let’s now configure it.

Step 2: Configure ModSecurity in Ubuntu


By default, ModSecurity is only configured to detect and log suspicious activity. We
need to go an extra step and configure it to not only detect but also block suspicious
activity.

Copy, the default ModSecurity configuration file – modsecurity.conf-recommended –


to a new file as provided in the command below.

$ sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurit

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 3/23
14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

Using your preferred text editor, open the file

$ sudo nano /etc/modsecurity/modsecurity.conf

Locate the line:

SecRuleEngine DetectionOnly

Set it to:

SecRuleEngine On

Configure ModSecurity on Ubuntu

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 4/23
14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

Save the changes and exit the file.

To apply the changes in Apache, restart the webserver.

$ sudo systemctl restart apache2

Step 3: Download OWASP ModSecurity Core


Ruleset
The next step is to download the latest OWASP ModSecurity Core Rule Set (CRS) from
the GitHub page.

Clone the OWASP git repository as shown.

$ git clone https://github.com/coreruleset/coreruleset.git

Navigate into the directory.

$ cd coreruleset/

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 5/23
14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

Be sure to move the crs-setup.conf.example file to the modsecurity directory and


rename it as crs-setup.conf.

$ sudo mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf

In addition, move the rules directory to the modsecurity directory as well.

$ sudo mv rules/ /etc/modsecurity/

Next, edit the security2.conf file.

$ sudo nano /etc/apache2/mods-enabled/security2.conf

Ensure that it contains the following lines.

IncludeOptional /etc/modsecurity/*.conf

Include /etc/modsecurity/rules/*.conf

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 6/23
14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

Configure ModSecurity Rules on Ubuntu

Then restart Apache for the changes to persist.

$ sudo systemctl restart apache2

Let us now test our ModSecurity configuration.

Step 4: Testing the ModSecurity Configuration on


Ubuntu
Lastly, we need to test that ModSecurity can detect and block suspicious HTTP traffic.
To achieve this, we need to edit the default virtual host file.

$ sudo nano /etc/apache2/sites-available/000-default.conf

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 7/23
14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

SABRENT USB-C 3.0…


$18.99

Next, we will create a blocking rule that will block access to a certain URL when
accessed by a web browser.

Append these lines at the end before the ‘Virtualhost’ closing tag.

SecRuleEngine On

SecRule ARGS:testparam "@contains test" "id:254,deny,status:403,msg:'

Feel free to set the ‘id’ and ‘msg’ tags to whatever desirable values.

Test ModSecurity on Ubuntu

Then restart the Apache webserver to apply the changes made to the virtual host
configuration file.

$ sudo systemctl restart apache2

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 8/23
14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

On your web browser, try to visit the URL shown with ?testparam=test at the end.

http://server-ip/?testparam=test

You get a ‘403 Forbidden error’ indicating that you have been blocked from accessing
the resource.

ModSecurity 403 Forbidden Error

You can further confirm the client was blocked by checking the error logs as follows.

$ cat /var/log/apache2/error.log | grep “Test Successful”

Check Apache Logs

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 9/23
14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

[ You might also like: How to Install ModSecurity for Nginx on Debian/Ubuntu ]

This is confirmation that we have successfully set up ModSecurity to detect and block
unwanted traffic. In this guide, we have walked you through the process of setting up
ModSecurity with Apache on Debian/Ubuntu systems.

How to Install Magento on Rocky How to Compile ONLYOFFICE Desktop


Linux and AlmaLinux Editors on Ubuntu 

If you liked this article, then do subscribe to email alerts for Linux tutorials. If you
have any questions or doubts? do ask for help in the comments section.

If You Appreciate What We Do Here On TecMint, You


Should Consider:

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 10/23
14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

TecMint is the fastest growing and most trusted community site for
any kind of Linux Articles, Guides and Books on the web. Millions of
people visit TecMint! to search or browse the thousands of
published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee
( or 2 ) as a token of appreciation.

We are thankful for your never ending support.

Related Posts

“Forbidden – You don’t have permission to access / on this server” Error

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 11/23
14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

How to Install WordPress on RHEL 8 with Apache

How to Install WordPress Ubuntu Using LAMP Stack

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 12/23
14/11/22, 7:58 How to Set Up ModSecurity with Apache on Debian/Ubuntu

Secure Apache with Let’s Encrypt Certificate on Rocky Linux

How to Configure Apache Virtual Hosts on Rocky Linux

How to Install LAMP Stack on Rocky Linux 8

https://www.tecmint.com/install-modsecurity-with-apache-on-debian-ubuntu/ 13/23

You might also like