To install ModSecurity on Debian/Ubuntu Apache web server, run
apt-get install libapache2-mod-security2
Restart Apache web server
service apache2 restart
Verify mod_security installed with
apachectl -M | grep security
To activate ModSecurity rules, run
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Edit
vi /etc/modsecurity/modsecurity.conf
set
SecRuleEngine = on
Get latest rules
mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bk git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
Emable the config file
cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
Edit file
vi /etc/apache2/mods-enabled/security2.conf
Add
IncludeOptional /usr/share/modsecurity-crs/*.conf IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf
Restart Apache
service apache2 restart
Leave a Reply