Install ModSecurity on Ubuntu/Debian

Written by

Yujin Boby

To install ModSecurity on Debian/Ubuntu Apache web server, run

apt update
apt-get install libapache2-mod-security2

Enable mod security and restart Apache web server

a2enmod security2
service apache2 restart

Verify mod_security installed with

apachectl -M | grep security

You will see something like

root@sok-modsec:~# apachectl -M | grep security
 security2_module (shared)
root@sok-modsec:~#

To activate ModSecurity rules, run

cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Edit

vi /etc/modsecurity/modsecurity.conf

set

SecRuleEngine On

Restart Apache

service apache2 restart

Verify mod security is working with command

curl -i "http://server-ip-here/?q=%3Cscript%3Ealert(%27test%27)%3C/script%3E"

You should see “403 Forbidden” error,

boby@sok-01:~$ curl -i "http://10.95.0.24/?q=%3Cscript%3Ealert(%27test%27)%3C/script%3E"
HTTP/1.1 403 Forbidden
Date: Wed, 15 Oct 2025 03:03:32 GMT
Server: Apache/2.4.58 (Ubuntu)
Content-Length: 275
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.58 (Ubuntu) Server at 10.95.0.24 Port 80</address>
</body></html>
boby@sok-01:~$

Here is another test url, which should result in 403 Forbidden message

curl 'http://server-ip-here/?foo=/etc/passwd&bar=/bin/sh'

To view mod security logs, run

tail -f /var/log/apache2/modsec_audit.log

Back to mod security

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts