
How To Set Up ModSecurity with Apache on Ubuntu 24.04 LTS


ModSecurity is a Web Application Firewall (WAF) that helps protect your website from common vulnerabilities such as SQL injection and cross-site scripting (XSS) attacks. It runs as a module inside the Apache web server and adds a layer of request inspection in front of your web applications. This guide walks through setting up ModSecurity with Apache on Ubuntu 24.04 LTS.

Prerequisites

Before we dive into the installation and configuration process, ensure that you have the following prerequisites in place:

  • A server running Ubuntu 24.04 LTS
  • Basic knowledge of Linux command-line operations
  • SSH access to the server with sudo privileges

Step 1: Update and Upgrade the System

To begin, it’s crucial to ensure your Ubuntu server is up to date with the latest security patches and software updates. Open your terminal and run the following commands:

sudo apt update
sudo apt upgrade -y

These commands will refresh the package list and upgrade any outdated packages to their latest versions, providing a stable and secure foundation for your server.

Step 2: Install Apache Web Server

Next, we’ll install the Apache web server, which will host your web applications. If you haven’t already installed Apache, you can do so by running the following command:

sudo apt install apache2 -y

Once the installation is complete, you can verify that Apache is running by accessing your server’s IP address or domain name in a web browser. You should see the default Apache landing page, indicating a successful installation.

Step 3: Install ModSecurity Module

With Apache installed, it’s time to integrate the ModSecurity module. ModSecurity is an open-source WAF that helps protect your web applications from various attacks. To install ModSecurity, run the following command:

sudo apt install libapache2-mod-security2 -y

After the installation is complete, enable the ModSecurity module and restart Apache to apply the changes:

sudo a2enmod security2
sudo systemctl restart apache2

ModSecurity is now installed and ready to be configured to suit your specific security needs.

Step 4: Configure ModSecurity

To configure ModSecurity, we’ll start by copying the recommended configuration file:

sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Open the configuration file using a text editor like nano:

sudo nano /etc/modsecurity/modsecurity.conf

Locate the line that says SecRuleEngine DetectionOnly and change it to SecRuleEngine On. This enables ModSecurity’s blocking mode, allowing it to actively prevent malicious requests.

Save the changes and exit the text editor. Then, restart Apache to apply the new configuration:

sudo systemctl restart apache2

Step 5: Install OWASP Core Rule Set (CRS)

To enhance ModSecurity’s effectiveness, we’ll install the OWASP Core Rule Set (CRS). The CRS is a collection of pre-configured security rules that protect against common web application vulnerabilities. Download the CRS release archive (v3.3.2 in this guide) using the following commands:

wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.2.zip
unzip v3.3.2.zip

Move the CRS files to the appropriate directory and configure ModSecurity to use them:

sudo mv coreruleset-3.3.2/crs-setup.conf.example /etc/modsecurity/crs-setup.conf
sudo mv coreruleset-3.3.2/rules /etc/modsecurity/rules

Include the CRS in your Apache configuration by editing the security2.conf file:

sudo nano /etc/apache2/mods-available/security2.conf

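Add the following lines at the end of the file. If the file already contains one of them, do not add it a second time, because ModSecurity refuses to load two rules with the same id: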

IncludeOptional /etc/modsecurity/*.conf
IncludeOptional /etc/modsecurity/rules/*.conf

Save the changes and restart Apache:

sudo systemctl restart apache2

Your ModSecurity installation is now equipped with a robust set of security rules from the OWASP CRS.

Step 6: Fine-Tune ModSecurity Rules

While the default ModSecurity configuration provides a solid foundation, you may need to customize the rules based on your specific application requirements. For example, you might want to allow certain types of traffic or disable specific rules that generate false positives.

To customize the rules, you can create a new configuration file in the /etc/modsecurity/ directory and include it in the security2.conf file. For instance, to allow traffic from a trusted IP address, create a file named whitelist.conf:

sudo nano /etc/modsecurity/whitelist.conf

Add the following rule to the file, replacing TRUSTED_IP with the actual IP address:

SecRule REMOTE_ADDR "@ipMatch TRUSTED_IP" "id:1000,phase:1,nolog,allow,ctl:ruleEngine=Off"

Save the file and restart Apache for the changes to take effect.
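
The check below is an added example, not part of the original tutorial. It lints the settings from Steps 4 and 6: the effective SecRuleEngine mode, and any rule that, like the whitelist rule above, switches the engine off for matching requests without logging. The function names, the sample files and the address 192.0.2.50 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: lint ModSecurity config files for the settings this guide changes.
# Pass files in load order; prints one finding per line, nothing if clean.
# Limitation: for a rule split over several lines with "\", the id is
# reported as "?" unless id: and ctl: share a line.
modsec_lint() {
  awk '
    /^[ \t]*#/ { next }                                   # ignore commented-out directives
    { low = tolower($0) }
    low ~ /^[ \t]*secruleengine[ \t]/  { engine = tolower($2) }   # later directive overrides
    low ~ /^[ \t]*secauditengine[ \t]/ { audit  = tolower($2) }
    low ~ /ctl:ruleengine=(off|detectiononly)/ {
      id = "?"
      if (match(low, /id:[0-9]+/)) id = substr(low, RSTART + 3, RLENGTH - 3)
      note = (low ~ /[",]nolog[",]/) ? ", unlogged" : ""
      print "BYPASS " FILENAME ":" FNR " rule " id " disables blocking for matching requests" note
    }
    END {
      if (engine != "on")
        print "ENGINE SecRuleEngine=" (engine == "" ? "unset" : engine) ", attacks are not blocked"
      if (audit == "" || audit == "off")
        print "AUDIT SecAuditEngine=" (audit == "" ? "unset" : audit) ", no audit log is written"
    }
  ' "$@"
}

# Constructed sample files (not a real server's config); 192.0.2.50 is a documentation address.
lint_demo() {
  dir=$(mktemp -d)
  printf '%s\n' '#SecRuleEngine On' 'SecRuleEngine DetectionOnly' \
    'SecAuditEngine RelevantOnly' > "$dir/modsecurity.conf"
  printf '%s\n' 'SecRule REMOTE_ADDR "@ipMatch 192.0.2.50" "id:1000,phase:1,nolog,allow,ctl:ruleEngine=Off"' \
    > "$dir/whitelist.conf"
  (cd "$dir" && modsec_lint modsecurity.conf whitelist.conf)
  rm -rf "$dir"
}

lint_demo
```

On a server, run it as `modsec_lint /etc/modsecurity/*.conf`; every BYPASS line is a source address or condition whose requests are neither inspected nor blocked.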

Step 7: Testing ModSecurity Configuration

To ensure ModSecurity is correctly blocking malicious requests, you can perform some tests using sample HTTP requests. For example, you can use the curl command to send a request containing a common SQL injection payload:

curl -i -G --data-urlencode "id=1' OR '1'='1" "http://your-server-ip/"

If ModSecurity is properly configured, it should block the request and return a 403 Forbidden status code.

Step 8: Monitor ModSecurity Logs

Regularly monitoring ModSecurity logs is essential for gaining valuable security insights and identifying potential threats. To enable logging, open the ModSecurity configuration file:

sudo nano /etc/modsecurity/modsecurity.conf

Locate the following lines and uncomment them:

SecAuditEngine On
SecAuditLog /var/log/modsec_audit.log

Save the changes and restart Apache. ModSecurity will now log its activities to the specified file. Make sure to review the logs periodically to stay informed about any suspicious activities or blocked requests.
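
One way to review that log, as an added example that is not part of the original tutorial: the function below counts hits per client IP and rule id. It assumes the serial audit log format (one file, sections delimited by `--<boundary>-<letter>--` lines); the function names and the abbreviated sample entries are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: count ModSecurity audit-log hits per client IP and rule id.
# Reads the serial audit log format from the named files, or from stdin.
modsec_summary() {
  awk '
    /^--[0-9a-zA-Z]+-A--$/     { want_hdr = 1; in_h = 0; next }  # A: transaction header follows
    /^--[0-9a-zA-Z]+-H--$/     { in_h = 1; next }                # H: rule messages follow
    /^--[0-9a-zA-Z]+-[A-Z]--$/ { in_h = 0; next }                # any other section
    want_hdr { ip = $4; want_hdr = 0; next }  # "[date zone] unique_id src_ip src_port dst_ip dst_port"
    in_h && /^Message:/ {
      rest = $0
      while (match(rest, /\[id "[0-9]+"\]/)) {                   # collect every id tag on the line
        hits[ip " " substr(rest, RSTART + 5, RLENGTH - 7)]++
        rest = substr(rest, RSTART + RLENGTH)
      }
    }
    END { for (k in hits) print hits[k], k }                     # "count ip rule_id"
  ' "$@" | LC_ALL=C sort -k1,1nr -k2,2 -k3,3n
}

# Constructed, abbreviated sample entries (documentation IP addresses, not real traffic).
sample_audit_log() {
  cat <<'EOF'
--5f3a9c01-A--
[12/May/2024:10:15:01 +0000] TX0001 203.0.113.7 51234 192.0.2.10 80
--5f3a9c01-H--
Message: Warning. detected SQLi using libinjection. [id "942100"] [severity "CRITICAL"]
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded"]
--5f3a9c01-Z--
--5f3a9c02-A--
[12/May/2024:10:15:09 +0000] TX0002 203.0.113.7 51240 192.0.2.10 80
--5f3a9c02-H--
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded"]
--5f3a9c02-Z--
--5f3a9c03-A--
[12/May/2024:10:16:30 +0000] TX0003 198.51.100.23 40022 192.0.2.10 80
--5f3a9c03-H--
Message: Warning. detected XSS using libinjection. [id "941100"] [severity "CRITICAL"]
--5f3a9c03-Z--
EOF
}

sample_audit_log | modsec_summary
```

Against the live log, run `sudo cat /var/log/modsec_audit.log | modsec_summary`; a rule id that dominates the counts for ordinary users is a candidate for the fine-tuning in Step 6.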

Congratulations! You have successfully installed ModSecurity with Apache. Thanks for using this tutorial to install ModSecurity with Apache on an Ubuntu 24.04 LTS system. For additional help or useful information, we recommend you check the official ModSecurity website.


r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.