In this tutorial, we will show you how to install Mod_Security Apache on CentOS 6. For those of you who didn’t know, Mod_security is an Apache module that helps to protect your website from various attacks such as cross-site scripting, SQL injection attacks, path traversal attacks, etc. Mod_evasive is an Apache module that helps to prevent HTTP DoS (DDoS) attacks or server brute force attacks. It operates embedded into the web server, acting as a powerful umbrella, shielding applications from attacks.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you through the step-by-step installation mod_security apache on CentOS 6.
Prerequisites
- A server running one of the following operating systems: CentOS 6.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Mod_Security Apache on CentOS 6
Step 1. Installing Dependencies for mod_security.
yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel git
Step 2. Download the latest stable release of mod_security source code from their official website to your server.
wget https://www.modsecurity.org/tarball/2.9.0/modsecurity-2.9.0.tar.gz tar xzf modsecurity-apache_2.9.0.tar.gz cd modsecurity-apache_2.9.0 ./configure make install cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf cp unicode.mapping /etc/httpd/conf.d/
Step 3. Configuring Mod_Security.
# nano /etc/httpd/conf/httpd.conf LoadModule security2_module modules/mod_security2.so
Now set the basic rule set in your httpd.conf file. Add the following lines of code at the end of the file:
<IfModule security2_module> Include conf.d/modsecurity.conf </IfModule>
Save the changes and restart Apache:
service httpd start
Step 4. Download and configure OWASP (Open Web Application Security Project) core rule set for a base configuration.
cd /etc/httpd git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git mv owasp-modsecurity-crs modsecurity-crs cd modsecurity-crs cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf
Open the Apache configuration file again, and add the following lines at the end of the file:
# nano /etc/httpd/conf/httpd.conf Include modsecurity-crs/modsecurity_crs_10_config.conf Include modsecurity-crs/base_rules/*.conf
Next, restart the Apache service to enable the mod_security module:
service httpd restart
Congratulations! You have successfully installed mod_security apache. Thanks for using this tutorial for installing the mod_security apache web server on centos 6 systems. For additional help or useful information, we recommend you check the official apache website.
