Configure mod_security for Apache on Centos 7

                                  Configure mod_security for Apache on Centos 7

ModSecurity and mod_evasive are free Apache modules which protect your web server from various brute force or (D)DoS attacks, including SQL injection, cross-site scripting, session hijacking, and many others types of attacks..

 

Mod_security is an apache module that helps to protect your website from various attacks. It is used to block commonly known exploits by use of regular expressions . Mod_Security can potentially block common code injection attacks which strengthens the security of the server. If you need to disable the mod_security rules we can show you how, and help you do so.

When coding a dynamic website, sometimes users forget to write code to help prevent hacks by doing things such as validating input. Mod_security can help in some cases those users that run sites that don’t have security checks in their code.

Here i will explain how to install and configure mod_security Apache on Centos.

Modsecurity module installation:

 To install above modules first we need to install EPEL yum repository on the server. Run the following command to install and enable EPEL repository,

# rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm

#sudo yum --enablerepo=epel install mod_security mod_evasive

 

mod_security_html_m7c90e4b9

 

Install mod security and predefined rules:

 # yum install mod_security mod_security_crs

 To activate mod security module we need make it to enable from configuration file.

 Make necessary changes as below:

 #vi /etc/httpd/conf.d/mod_security.conf

 Set SecRuleEngine On to activate rules, you can disable it by keeping it off

On – Rules are activated
Off – Rules are Deactivated
DetectionOnly – Only Intercepts and logs Transactions

 Once done with above restart Apache service.

#service httpd restart

You can check in Apache error logs whether mod security is enabled..

mod_security_html_736dc50b

Important mod security configuration files.

Core mod security config file: /etc/httpd/conf.d/mod_security.conf

Debug log file: /var/log/httpd/modsec_debug.log

Audit log – /var/log/httpd/modsec_audit.log

 

 

 

Leave a comment

Your email address will not be published.


*