To install ModSecurity on Debian/Ubuntu Apache web server, run
|
apt-get install libapache2-mod-security2 |
Restart Apache web server
Verify mod_security installed with
|
apachectl -M | grep security |
To activate ModSecurity rules, run
|
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf |
Edit
|
vi /etc/modsecurity/modsecurity.conf |
set
Get latest rules
|
mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bk git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs |
Emable the config file
|
cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf |
Edit file
|
vi /etc/apache2/mods-enabled/security2.conf |
Add
|
IncludeOptional /usr/share/modsecurity-crs/*.conf IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf |
Restart Apache
[…]
Read More…