Easy way to integrate Apache with modsecurity on Ubuntu
ModSecurity WAF (Web Application Firewall ) is an open source software firewall that is used to safeguard applications from attacks & unauthorised access. ModSecurity WAF can be used as a module with already installed Apache web server or also with Nginx server or IIS. It continuously checks the incoming traffic & performs real time analysis .
The best feature that makes ModSecurity wonderful is that it supports flexible rule engine using which we can safeguard our applications from a number of threats like XSS attacks, SQL injection attacks, Local file include, remote file include attacks etc.
Recommended Read : How to use Apache as Reverse Proxy on CentOS & RHEL
Also Read : Redirect http to https: Apache Server
In this tutorial, we will learn to integrate Apache with modsecurity on Ubuntu systems. So let’s start with pre-requisites,
Before we can intergrate Apache with modsecurity, we must have LAMP server installed on our systems. To install LAMP on Ubuntu system, please refer to the detailed article HERE. Once we have installed it, we can now proceed to use apache with modsecurity.
Also we will need git installed on our system, install git with the following command,
$ sudo apt-get install git
You can also refer to detailed tutorial for GIT.
To install ModSecurity, open the terminal & execute the following command,
$ sudo apt-get install libapache2-modsecurity
Once the installation has been completed, we can also check whether the module has been loaded or not using the following command,
$ apachectl -M | grep security
& we should get the following output,
Next step will be configure modsecurity, so that we can use apache with modsecurity module. When we install modsecurity, a sample configuration file for apache is also installed & we can use this file to configure WAF. First create a copy of the file,
$ cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Now edit the file & make the following changes to the file,
$ sudo nano /etc/modsecurity/modsecurity.conf
Change the following in the file,
SecRuleEngine On # it should be “SecRuleEngine DetectionOnly ” by default
Once done, save the file & exit. Next, restart the apache service to implement the changes,
$ sudo systemctl restart apache2
Configuring rules for ModSecurity
Until now, we have integrated Apache with modsecurity. Now we will install CoreRule Set aka CRS to be able to fully utilize modsecurity. CRS is basically a collection of rules which tells how a web server should behave under certain conditions.
When ModSecurity is installed, a default set of CRS is also installed under /usr/share/modsecurity-crs. We should remove this folder & install CRS using the above method.
$ rm -rf /usr/share/modsecurity-crs
Next download the latest CRS with the following command,
$ git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
$ cd /usr/share/modsecurity-crs
Now to enable the rules in apache configuration, so open the following file,
$ sudo nano /etc/apache2/mods-enabled/security2.conf
& add the following lines in the files (or modify if already there)
Save the file & exit, than restart the apache service to implement the changes,
$ sudo systemctl restart apache2
That’s it, we have successfully integrated apache with modsecurity & we can now check the modsecurity logs to make sure that everything is fine,
$ tail -f /var/log/apache2/modsec_audit.log
This was our tutorial on how we can use Apache with modsecuriyt WAF to secure our servers. Please feel free to send in any questions or queries using the comment box below.