LinuxTutorialsUbuntu

How To Install Mod_Security Apache on Ubuntu 14.04

Install Mod_Security Apache on Ubuntu 14.04

In this tutorial, we will show you how to install and configure mod_security apache on your Ubuntu 14.04. For those of you who didn’t know, Mod_security is an Apache module that helps to protect your website from various attacks such as cross-site scripting, SQL injection attacks, path traversal attacks, etc. Mod_evasive is an Apache module that helps to prevent HTTP DoS (DDoS) attacks or server brute force attacks. It operates embedded into the web server, acting as a powerful umbrella, shielding applications from attacks.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you through the step-by-step install Mod_Security apache on the ubuntu 14.04 server.

Prerequisites

  • A server running one of the following operating systems: Ubuntu 14.04, and any other Debian-based distribution.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Mod_Security Apache on Ubuntu 14.04

Step 1. First, make sure that all your system packages are up-to-date by running the following apt-get commands in the terminal.

sudo apt-get update
sudo apt-get upgrade

Step 2. Installing Mod_Security on Ubuntu 14.04.

Install Mod_Security and all dependencies using the following command:

sudo apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev libapache-mod-security

If your Ubuntu is 64 bit, you need to fix a bug:

sudo ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2

Configuring Mod_Security rules

Step 3. Configuring Mod_Security rules.

sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
sudo nano /etc/modsecurity/modsecurity.conf

First, activate the rules by editing and setting the ‘SecRuleEngine’ option to on:

SecRuleEngine On

Edit the following option to increase the request limit to 10 MB and save the file:

SecRequestBodyLimit 10000000
SecRequestBodyInMemoryLimit 10000000

The mod_security rules are available in the following directories:

/usr/share/modsecurity-crs/base_rules
/usr/share/modsecurity-crs/optional_rules
/usr/share/modsecurity-crs/experimental_rules

Configure OWASP (Open Web Application Security Project)

Step 4. Download and configure OWASP (Open Web Application Security Project) core rule set for a base configuration.

sudo apt-get install git
sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
sudo mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bak
sudo mv owasp-modsecurity-crs /usr/share/modsecurity-crs
sudo mv /usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf.example /usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf

Open the Apache configuration file and add the following lines at the end of the file:

# nano /etc/apache2/mods-available/mod-security.conf
Include "/etc/modsecurity/owasp-crs/activated_rules/*.conf"

Run the following command to enable Apache modules:

sudo a2enmod headers
sudo a2enmod security2

Next, restart the Apache service to enable the mod_security module:

service apache2 restart

Step 5. Check if mod_security modules are enabled on your server:

sudo apachectl -M | grep security2
security2_module (shared)

Congratulations! You have successfully installed mod_security apache. Thanks for using this tutorial for installing the mod_security apache web server on ubuntu 14.04 systems. For additional help or useful information, we recommend you check the official Apache website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

Save

r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button