In this tutorial we will show you how to install and configuration of mod_security apache on your Ubuntu 14.04 server. For those of you who didn’t know, Mod_security is an Apache module that helps to protect your website from various attacks such as cross-site scripting, SQL injection attacks, path traversal attacks etc. Mod_evasive is an Apache module that helps to prevent HTTP DoS (DDoS) attacks or server brute force attacks. It operates embedded into the web server, acting as a powerful umbrella, shielding applications from attacks.
This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you through the step by step install Mod_Security apache in ubuntu 14.04 server.
Install Mod_Security Apache on Ubuntu 14.04
Step 1. First make sure that all your system packages are up-to-date by running these following apt-get commands in the terminal.
Step 2. Installing Mod_Security on Ubuntu 14.04.
Install Mod_Security and all dependencies using the following command:
If your Ubuntu is 64 bit, you need to fix a bug:
Configuring Mod_Security rules
Step 3. Configuring Mod_Security rules.
First activate the rules by editing and set the ‘SecRuleEngine’ option to on:
Edit the following to option to increase the request limit to 10 MB and save the file:
The mod_security rules are available in following directories:
Configure OWASP (Open Web Application Security Project)
Step 4. Download and configure OWASP (Open Web Application Security Project) core rule set for a base configuration.
Open the Apache configuration file and add the following lines at the end of the file:
# nano /etc/apache2/mods-available/mod-security.conf
Run the following command to enable Apache modules:
Next, restart the Apache service to enable mod_security module:
Step 5. Check if mod_security modules are enabled on your server:
Congratulation’s! You have successfully installed mod_security apache. Thanks for using this tutorial for installting mod_security apache web server on ubuntu 14.04 systems. For additional help or useful information, we recommend you to check the official Apache web site.