mod_security on Apache
ModSecurity is a web application firewall for the Apache web server. In addition to providing logging capabilities, ModSecurity can monitor the HTTP traffic in real time in order to detect attac s. ModSecurity also operates as a web intrusion detection tool, allowing you to react to suspicious events that ta e place at your web system
Mod security is a free Web Application Firewall (WAF) that works with Apache, Nginx and II ! It supports a flexible rule engine to perfor" si"ple and co"plex operations and co"es with a #ore $ule et (#$ ) which has rules for %& in'ection, cross site scripting, (ro'ans, bad user agents, session hi'acking and a lot of other exploits! For Apache, it is an additional "odule which "akes it easy to install and configure!
To install ModSecurity on a !inode running "ent#S or $edora, perform the following steps% &. Install the '"" compiler and the dependancies by entering the following commands, one by one% (. )ou*ll need to install mod+security from source as there is no maintained pac age "ent#S or $edora yet. 'rab the mod+security pac age and install it by entering the following commands, one by one%
5. cd /usr/src 6. wget http://www.modsecurity.org/download/modsecurity-apache 2.6.2.tar.g! ". tar x!# modsecurity-apache 2.6.2.tar.g! $. cd modsecurity-apache 2.6.2 %. ./con#igure &'. make install &&. cp modsecurity.con#-recommended /etc/httpd/con#.d/modsecurity.con#
)*! ,ow you*ll need to modify your Apache configuration to load the ModSecurity module.
$ind the !oadModule section in httpd.con# and add this line to the end% File:/etc/httpd/conf/httpd.conf
(oad)odule security2 module modules/mod security2.so
&-. .estart Apache by entering the following command%
&*. sudo /etc/init.d/httpd restart