It looks like you're new here. If you want to get involved, click one of these buttons!
Sign In RegisterIt looks like you're new here. If you want to get involved, click one of these buttons!
ModSecurity is an Apache plug-in module that works as a firewall. It works with rule sets, which enable you to modify and adjust the security of your server.
ModSecurity may also help you identify and respond to breaches by monitoring web traffic in real-time.
So in this guide, you will see how to install ModSecurity with Apache webserver on your VPS.
First of all, you need to install Apache on your VPS. For that, you can use this guide.
sudo apt install libapache2-mod-security2 -y
sudo a2enmod headers
sudo systemctl restart apache2
Now ModSecurity should be installed on your VPS.
Since ModSecurity is a firewall, it requires rules to function.
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
With a text editor such as vim (or nano), open /etc/modsecurity/modsecurity.conf and change the value for SecRuleEngine to On.
Then restart Apache:
sudo systemctl restart apache2
The next step in the process is to set up a rule set to actively prevent your web server from attacks. For this, we will implement the OWASP Core Rule Set.
The OWASP ModSecurity Core Rule Set (CRS) is a collection of threat detection rules that may be used with ModSecurity or other compatible web application firewalls. With a minimal of false warnings, the CRS tries to defend online applications from a wide range of attacks.
sudo rm -rf /usr/share/modsecurity-crs
sudo apt install git
sudo git clone https://github.com/coreruleset/coreruleset /usr/share/modsecurity-crs
sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
sudo mv /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
Now OWASP-CRS should be set up.
<IfModule security2_module>
SecDataDir /var/cache/modsecurity
Include /usr/share/modsecurity-crs/crs-setup.conf
Include /usr/share/modsecurity-crs/rules/*.conf
</IfModule>
Note 1: If you are running a website that uses SSL, add SecRuleEngine directive to that website’s configuration file as well.
sudo systemctl restart apache2
You can test ModSecurity by performing a simple local file inclusion attack by running the following command:
curl http://<SERVER-IP/DOMAIN>/index.php?exec=/bin/bash
In <SERVER-IP/DOMAIN> write your VPS IP address or your domain hosted on your server.
If ModSecurity has been configured correctly and is actively blocking attacks, you should get in the output this message:
You don't have permission to access this resource.