Easy way to integrate Apache with modsecurity on Ubuntu

ModSecurity WAF (Web Application Firewall) is an open source software firewall that is used to safeguard applications from attacks & unauthorised access. ModSecurity can be used as a module with an already installed Apache web server, or with Nginx or IIS. It continuously checks the incoming traffic & performs real time analysis.

The feature that makes ModSecurity so useful is its flexible rule engine, with which we can safeguard our applications from a number of threats like XSS attacks, SQL injection attacks, local file include attacks, remote file include attacks etc.


In this tutorial, we will learn to integrate Apache with modsecurity on Ubuntu systems. So let’s start with pre-requisites,

Pre-requisites

Before we can integrate Apache with modsecurity, we must have a LAMP server installed on our system. To install LAMP on an Ubuntu system, please refer to the detailed article HERE. Once it is installed, we can proceed to use apache with modsecurity.

We will also need git installed on our system. Install git with the following command,

$ sudo apt-get install git

You can also refer to the detailed tutorial for Git.

 

Installing ModSecurity

To install ModSecurity, open the terminal & execute the following command,

$ sudo apt-get install libapache2-modsecurity

Once the installation has been completed, we can also check whether the module has been loaded or not using the following command,

$ apachectl -M | grep security

& we should get the following output,

security2_module (shared)

 

Configuring ModSecurity

The next step is to configure modsecurity, so that we can use apache with the modsecurity module. When we install modsecurity, a sample configuration file for apache is also installed & we can use this file to configure the WAF. First create a copy of the file,

$ sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Now edit the file & make the following changes to the file,

$ sudo nano /etc/modsecurity/modsecurity.conf

Change the following in the file (DetectionOnly only logs rule matches, while On also blocks the requests that match),

# the default is "SecRuleEngine DetectionOnly"
SecRuleEngine On

Once done, save the file & exit. Next, restart the apache service to implement the changes,

$ sudo systemctl restart apache2

 

Configuring rules for ModSecurity

So far, we have integrated Apache with modsecurity. Now we will install the Core Rule Set, aka CRS, to be able to fully utilize modsecurity. CRS is basically a collection of rules which tells how a web server should behave under certain conditions.

When ModSecurity is installed, a default set of CRS is also installed under /usr/share/modsecurity-crs. We should remove this folder & install CRS using the method below.

$ sudo rm -rf /usr/share/modsecurity-crs

Next download the latest CRS with the following command,

$ sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs

$ cd /usr/share/modsecurity-crs

Now, to enable the rules in the apache configuration, open the following file,

$ sudo nano /etc/apache2/mods-enabled/security2.conf

& add the following lines to the file (or modify them if already there)

<IfModule security2_module>

SecDataDir /var/cache/modsecurity

IncludeOptional /etc/modsecurity/*.conf

IncludeOptional /usr/share/modsecurity-crs/*.conf

IncludeOptional /usr/share/modsecurity-crs/rules/*.conf

</IfModule>

Save the file & exit, then restart the apache service to implement the changes,

$ sudo systemctl restart apache2

That’s it, we have successfully integrated apache with modsecurity & we can now check the modsecurity logs to make sure that everything is fine,

$ tail -f /var/log/apache2/modsec_audit.log
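With SecRuleEngine set to On, every rule match in that log is a request that may have been blocked, so it helps to see which rules fire on which paths. The script below is an added example, not part of the original tutorial: it assumes the serial audit log format, the function names are made up for illustration, and the embedded log and the rule IDs in it are constructed sample values.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# modsec_rule_hits [LOGFILE...] prints "COUNT<TAB>RULE_ID<TAB>PATH", busiest first.
# Assumes the serial audit log format (sections delimited by --<txid>-<LETTER>--).
modsec_rule_hits() {
    awk '
        /^--[0-9A-Za-z]+-[A-Z]--$/ {
            section = substr($0, length($0) - 2, 1)   # the section letter
            want_request = (section == "B")           # B = request headers
            next
        }
        # First line of section B is the request line: METHOD URI PROTOCOL
        want_request { path = $2; sub(/\?.*/, "", path); want_request = 0; next }
        # Section H carries one "Message:" line per rule that matched
        section == "H" && /^Message: / && match($0, /\[id "[0-9]+"\]/) {
            hits[substr($0, RSTART + 5, RLENGTH - 7) "\t" path]++
        }
        END { for (k in hits) print hits[k] "\t" k }
    ' "$@" | sort -t "$(printf '\t')" -k1,1nr -k2,2n -k3,3
}

# Constructed sample (three transactions), trimmed to the sections read above.
sample_audit_log() {
    cat <<'EOF'
--aaaa0001-A--
[01/Jan/2024:10:00:00 +0000] sample-tx-1 192.0.2.10 50000 192.0.2.1 80
--aaaa0001-B--
GET /search.php?q=test HTTP/1.1
Host: www.example.com

--aaaa0001-H--
Message: Warning. [id "942100"] [msg "constructed sample message"]
Message: Warning. [id "949110"] [msg "constructed sample message"]
--aaaa0001-Z--
--aaaa0002-B--
POST /search.php HTTP/1.1
--aaaa0002-H--
Message: Warning. [id "942100"] [msg "constructed sample message"]
--aaaa0002-Z--
--aaaa0003-B--
GET /index.html HTTP/1.1
--aaaa0003-H--
Message: Warning. [id "920350"] [msg "constructed sample message"]
--aaaa0003-Z--
EOF
}

# With arguments, summarise those files; without, run on the constructed sample.
if [ "$#" -gt 0 ]; then modsec_rule_hits "$@"; else sample_audit_log | modsec_rule_hits; fi
```

Pass /var/log/apache2/modsec_audit.log as the argument (with sudo if the log is not readable by your user) to summarise the real log.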

This was our tutorial on how we can use Apache with the modsecurity WAF to secure our servers. Please feel free to send in any questions or queries using the comment box below.


Shusain


2 Responses

  1. Deepak says:

    Good tutorial. Thanks …

    But it would be better if you add some steps to exclude owasp CRS rules which affect some valid http requests in a production environment.
