The mod_security module for the Apache web server provides advanced security features to help protect web applications from various attacks, such as SQL injection, Cross-site Scripting (XSS), and many others. Its functionality involves processing incoming requests to the server and filtering them based on defined rules. In this article, we will describe how to install and configure mod_security on an Apache web server.

Installation of mod_security

1. Prerequisites

   • Installed and running Apache web server.
   • Access to the server with superuser (root) privileges.

2. Installation using Package Manager (for Debian/Ubuntu)

   • Run the command sudo apt-get update to update the package index.
   • Install the module by running sudo apt-get install libapache2-mod-security2.

3. Installation on CentOS/RHEL

   • First, update the system using sudo yum update.
   • Then install mod_security using sudo yum install mod_security.

Activation of the Module After installation, it is necessary to activate the module in Apache. This is usually done automatically, but if needed, you can manually activate the module using the command sudo a2enmod security2 on Debian/Ubuntu or verify that in the Apache configuration file there is an inclusion of LoadModule security2_module modules/mod_security2.so.

Basic Configuration of mod_security

1. Configuration Files

   • The main configuration file for mod_security is usually located in /etc/apache2/mods-available/security2.conf on Debian/Ubuntu or /etc/httpd/conf.d/mod_security.conf on CentOS/RHEL.
   • To activate basic protection, navigate to the directory with mod_security rules, typically located in /etc/modsecurity, and copy the sample configuration file using cp modsecurity.conf-recommended modsecurity.conf.

2. Rule Writing

   • Mod_security operates based on rules that define which types of requests are considered suspicious or harmful. These rules can be modified or added in the modsecurity.conf file.
   • For starters, you can use the OWASP ModSecurity Core Rule Set (CRS), which provides a good baseline level of protection. The rule set can be downloaded from GitHub and then unpacked into the rules directory.

3. Testing Configuration

   • After setting up the rules, it is advisable to perform a test of the Apache configuration using the command sudo apache2ctl configtest (or sudo httpd -t on CentOS/RHEL).
   • If the test passes without errors, restart Apache using sudo systemctl restart apache2 or sudo systemctl restart httpd to apply the changes.

The installation and basic configuration of the mod_security module are crucial steps in enhancing the security of an Apache web server. Thanks to its flexible rule system, mod_security can be customized to meet the specific needs of each website. However, it is essential to regularly update and adapt the rules to newly discovered threats.