Configure mod_security for Apache on CentOS 7
ModSecurity and mod_evasive are free Apache modules that help protect your web server from brute force and (D)DoS attacks, as well as SQL injection, cross-site scripting, session hijacking, and many other types of attack.
Mod_security is an Apache module that helps to protect your website from various attacks. It blocks commonly known exploits by matching requests against regular expressions. Mod_security can potentially block common code injection attacks, which strengthens the security of the server. If you need to disable the mod_security rules we can show you how, and help you do so.
When coding a dynamic website, users sometimes forget to write code that helps prevent hacks, such as input validation. In some cases, mod_security can help users who run sites that don't have these security checks in their code.
Here I will explain how to install and configure mod_security for Apache on CentOS.
Modsecurity module installation:
To install these modules, the EPEL yum repository must first be set up on the server. The following command enables the EPEL repository and installs both modules:
sudo yum --enablerepo=epel install mod_security mod_evasive
Install mod_security and the predefined rules:
# yum install mod_security mod_security_crs
To activate the mod_security module, we need to enable it in the configuration file.
Make the necessary changes as below:
Set SecRuleEngine to On to activate the rules; setting it to Off disables them. The possible values are:
On – Rules are activated
Off – Rules are Deactivated
DetectionOnly – Only Intercepts and logs Transactions
Once this is done, restart the Apache service.
# service httpd restart
You can check in the Apache error logs whether mod_security is enabled.
Important mod_security configuration files:
Core mod_security config file: /etc/httpd/conf.d/mod_security.conf
Debug log file: /var/log/httpd/modsec_debug.log
Audit log file: /var/log/httpd/modsec_audit.log
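To confirm which SecRuleEngine mode is actually set before relying on the rules to block anything, the following added example (not part of the original guide) reads the directive from a config file and reports whether requests are blocked or only logged. The function names and the sample config are constructed for illustration, and the script assumes that a later directive in the same file overrides an earlier one; it does not follow Include directives.

```shell
#!/bin/bash
# Added example: report the effective SecRuleEngine mode of a ModSecurity config file.

# Print the value of the last active (uncommented) SecRuleEngine directive.
# Apache directive names are case-insensitive. Prints "unset" if none is found.
# Assumption: a later directive in the same file overrides an earlier one.
modsec_engine_mode() {
    awk '
        /^[[:space:]]*#/ { next }                      # skip commented-out lines
        tolower($1) == "secruleengine" { mode = $2 }   # remember the latest value
        END { print (mode == "" ? "unset" : mode) }
    ' "$1"
}

# Return 0 only when rules are enforced (mode On). DetectionOnly logs but
# does not block, so it is reported as not blocking.
modsec_is_blocking() {
    [ "$(modsec_engine_mode "$1" | tr '[:upper:]' '[:lower:]')" = "on" ]
}

# Constructed sample config, embedded so the example runs without Apache installed.
SAMPLE_CONF="$(mktemp)"
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
<IfModule mod_security2.c>
    # SecRuleEngine Off
    SecRuleEngine DetectionOnly
    SecRequestBodyAccess On
</IfModule>
EOF

# Use the file given as first argument, or fall back to the constructed sample.
CONF="${1:-$SAMPLE_CONF}"
echo "SecRuleEngine mode in $CONF: $(modsec_engine_mode "$CONF")"
if modsec_is_blocking "$CONF"; then
    echo "Rules are enforced."
else
    echo "Rules are NOT blocking requests (Off, DetectionOnly or unset)."
fi
```

On a real server, pass /etc/httpd/conf.d/mod_security.conf as the first argument.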