CentOSLinuxTutorials

How To Install Mod_Security Apache on CentOS 7

Install Mod_Security Apache on CentOS 7

In this tutorial, we will show you how to install Mod_Security Apache on CentOS 7. For those of you who didn’t know, ModSecurity is an open-source, cross-platform web application firewall (WAF) developed by Trustwave’s SpiderLabs. It has a robust event-based programming language that provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging, and real-time analysis.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of ModSecurity on a CentOS 7 server.

Prerequisites

  • A server running one of the following operating systems: CentOS 7.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Mod_Security Apache on CentOS 7

Step 1. First, let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Installing Mod_Security Apache on CentOS

Install Dependencies for mod_security:

yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel git

Next, download the latest stable release of mod_security source code from their official website to your server:

wget https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.5/modsecurity-2.9.5.tar.gz
tar xzf modsecurity-2.9.5.tar.gz
cd modsecurity-apache_2.9.5
./configure
make install
cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
cp unicode.mapping /etc/httpd/conf.d/

Step 3. Configuring Mod_Security.

# nano /etc/httpd/conf/httpd.conf
LoadModule security2_module modules/mod_security2.so

Now set the basic rule set in your httpd.conf file. Add the following lines of code at the end of the file:

<IfModule security2_module>
    Include conf.d/modsecurity.conf
</IfModule>

Save the changes and restart Apache:

systemctl restart httpd

Step 4. Download and configure OWASP (Open Web Application Security Project) core rule set for a base configuration.

cd /etc/httpd
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
mv owasp-modsecurity-crs modsecurity-crs
cd modsecurity-crs
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Open the Apache configuration file again, and add the following lines at the end of the file:

# nano /etc/httpd/conf/httpd.conf

Include modsecurity-crs/modsecurity_crs_10_config.conf
Include modsecurity-crs/base_rules/*.conf

Next, restart the Apache service to enable the mod_security module:

systemctl restart httpd

Congratulations! You have successfully installed Mod_Security. Thanks for using this tutorial for installing Mod_Security on CentOS 7 system. For additional help or useful information, we recommend you check the official ModSecurity website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button