ModSecurity is a free web application firewall (WAF) which is a simple, powerful way to protect a server against web-based malware and hacking attempts. Learn how to install ModSecurity and the officially-recommended OWASP Core Rule Set (CRS) which will protect a server against malware and hacking in the form of SQL injection, session hijacking, cross-site scripting, Trojans, and many other forms of web-based exploits.
vServer (VPS) from IONOS
Low-cost, powerful VPS hosting for running your custom applications, with a personal assistant and 24/7 support.
100 % SSD storageReady in 55 sec.SSL certificateApache is installed and running on a Standard installation by default. If your server was created with a Minimal installation, you will need to install and configure Apache before you proceed.
Install the libapache2-modsecurity package:
sudo apt-get install libapache2-modsecurityUse apachectl -M | grep security to verify that the package has been installed. The server will respond with:
user@localhost:~# apachectl -M | grep security
security2_module (shared)Create a directory for the ModSecurity rules:
sudo mkdir /etc/modsecurityCreate a file for ModSecurity rules and open the file for editing:
sudo nano /etc/modsecurity/mod_security.confAdd the following to the file:
<IfModule mod_security2.c>
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream
SecDataDir /tmp
</IfModule>Save and exit the file. Then restart Apache for the changes to take effect:
sudo systemctl restart apache2The OWASP Core Rule Set (CRS) extends the functionality of ModSecurity by providing a set of security rules to protect your server.
First, install the git package:
sudo apt-get install gitGo to the /etc/apache2 directory:
cd /etc/apache2/Download the OWASP installation files:
sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.gitMove to the new OWASP directory:
cd owasp-modsecurity-crsCreate a copy of the example setup file and rename it:
sudo cp crs-setup.conf.example crs-setup.confOpen the main Apache configuration file for editing:
sudo nano /etc/apache2/apache2.confScroll down to the section which reads:
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.confAdd the following two lines:
Include /etc/apache2/owasp-modsecurity-crs/crs-setup.conf
Include /etc/apache2/owasp-modsecurity-crs/rules/*.confSave and exit the file. Then restart Apache for the changes to take effect:
systemctl restart apache2Web hosting with a personal consultant!
Fast and scalable, including a free domain and email address, trust web hosting from IONOS!
Free domainSSL24/7 supportYou can test ModSecurity's OWASP CRS by visiting the URL:
http://example.com/?param="><script>alert(1);</script>Where example.com is replaced with your server's domain name or IP address.
You will be denied access with a 403: Forbidden error. Furthermore, this error will be noted in the /var/log/apache2/error.log file, with an entry similar to:
[Tue Aug 01 21:28:41.118995 2017] [:error] [pid 59913] [client 79.196.255.255] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "810"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "50.21.182.126:80"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "50.21.182.126"] [uri "/phpmanager/"] [unique_id "WYDyiX8AAAEAAOoJ5qMAAAAA"]The OWASP CRS comes with a script you can run to update the rules with the latest version. To update OWASP:
sudo python /etc/apache2/owasp-modsecurity-crs/util/upgrade.py --crsIf you run it now to test the command, it will respond with:
crs:
From https://github.com/SpiderLabs/owasp-modsecurity-crs
* branch HEAD -> FETCH_HEAD
Already up-to-date.We recommend that you periodically run this script to update the OWASP CRS for the latest security patches.
Learn how to install and use Apache Tomcat on CentOS 7. Apache Tomcat is a Java Servlet container developed by Apache to which allows you to deploy Java servlets and JSPs. Apache Tomcat also functions as a web server, which is able to support small to medium-sized websites. This tutorial also covers how to install and use the Tomcat Web Admin Manager, which allows you to manage Tomcat and virtual...
Learn how to enable CGI scripts to run on the Apache web server. This tutorial includes step-by-step instructions for adding the necessary Apache configurations to allow CGI scripts to run, and how to set the correct permissions on the directory and CGI files.
Learn How to install and configure apache for WordPress. With this guide we will show you how to install and setup Apache for a WordPress installation.
ModSecurity is a free web application firewall (WAF) which is a simple, powerful way to protect a server against web-based malware and hacking attempts. Learn how to install ModSecurity and the officially-recommended OWASP Core Rule Set (CRS) which will protect a server against malware and hacking in the form of SQL injection, session hijacking, cross-site scripting, Trojans, and many other forms...
Google PageSpeed modules are a free collection of Apache web server modules which are designed to optimize a website's performance. Learn how to install and enable Google PageSpeed modules on a Cloud Server with Linux.
Provide powerful and reliable service to your clients with a web hosting package from IONOS.
View packages