Apache and ModSecurity (step by step guide)

Posted: Wed Jul 30, 2008 10:09 pm
by nasacis
ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out
over the web application level, organisations need all the help they can get in making
their systems secure. WAFs are deployed to establish an increased external security layer
to detect and/or prevent attacks before they reach web applications. ModSecurity provides
protection from a range of attacks against web applications and allows for HTTP traffic
monitoring and real-time analysis with little or no changes to existing infrastructure.

pre-installation check list
install all above packages before installing modsecurity

Installing and configuring Lua
cd /usr/src
tar zxvf lua.5.1.3.tar.gz
cd lua.5.1.3/src
patch < /usr/src/patch-lua.5.1.3
cd ..
make linux
make test
make linux install
cd /usr/local/lib
gcc -shared -o /usr/local/lib/liblua.a
ln -s

Installing and configuring Apache
./configure --prefix=/usr/local/apache --enable-unique-id
make install
cp /usr/local/apache/bin/apachectl /etc/rc.d/init.d/httpd
ln -s /etc/rc.d/init.d/httpd /etc/rc.d/rc3.d/S86httpd
/etc/rc.d/init.d/httpd start

Installing and configuring modsecurity
./configure --with-apxs=/usr/local/apache/bin/apxs
make test #optional
make install
vi /usr/local/apache/conf/httpd.conf
#add these lines in your httpd.conf
LoadFile /usr/lib/
LoadFile /usr/local/lib/
LoadModule security2_module modules/
Include conf/modsecurity/*.conf
mkdir -p /usr/local/apache/conf/modsecurity
chown -R nobody.nobody /usr/local/apache/conf/modsecurity # use the appropriate username/group that runs your apache server
#for basic configuration of modsecurity, copy these two files from the source of modsecurity, and for further rules check the rules folder in the source directory of modsecurity
cp /usr/src/modsecurity-apache_2.5.5/rules/modsecurity_crs_10_config.conf /usr/local/apache/conf/modsecurity
cp /usr/src/modsecurity-apache_2.5.5/rules/modsecurity_crs_30_http_policy.conf /usr/local/apache/conf/modsecurity
/etc/rc.d/init.d/httpd restart

you should now have modsecurity 2.x up and running
tail -f /usr/local/apache/logs/error_log # you will see below line
[Wed Jul 30 22:27:19 2008] [notice] ModSecurity for Apache/2.5.5 ( configured.
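
The checks at the end of the post above (module loaded, rules included, startup notice in error_log) can be scripted; the following is an added example, not part of the original post or of ModSecurity. It also reports the SecRuleEngine mode, since a loaded module in DetectionOnly or Off mode logs or ignores attacks rather than blocking them. The function names, the sample file contents and PLACEHOLDER.so are assumptions made for the example.

```shell
# Added example: post-install check for the layout used in the post above.
# Sample file contents are constructed; PLACEHOLDER.so is not a real file name.

# Drop leading whitespace, comment lines and blank lines from config on stdin.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d'
}

# Print the SecRuleEngine value in effect for DIR/*.conf (a later directive
# overrides an earlier one), lower-cased, or "unset" if none is present.
rule_engine_mode() {
    cat "$1"/*.conf 2>/dev/null | active_lines |
        awk 'tolower($1) == "secruleengine" { m = tolower($2) }
             END { print (m == "" ? "unset" : m) }'
}

# check_modsec HTTPD_CONF RULES_DIR ERROR_LOG
# Returns 0 when everything is in place, otherwise 1-4 for the first gap found.
check_modsec() {
    conf=$1 rules=$2 log=$3
    active_lines < "$conf" |
        grep -Eiq '^LoadModule[[:space:]]+security2_module[[:space:]]' ||
        { echo "FAIL: security2_module is not loaded in $conf"; return 1; }
    active_lines < "$conf" | grep -Eiq '^Include[[:space:]]+.*modsecurity' ||
        { echo "FAIL: no Include for the modsecurity rules directory"; return 2; }
    mode=$(rule_engine_mode "$rules")
    [ "$mode" = "on" ] ||
        { echo "WARN: SecRuleEngine is '$mode', matching requests are not blocked"; return 3; }
    grep -q 'ModSecurity for Apache/.*configured' "$log" ||
        { echo "FAIL: no ModSecurity startup notice in $log"; return 4; }
    echo "OK: module loaded, rules included, engine on, startup notice present"
}

# Build constructed sample files in a temp directory and print its path.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/modsecurity"
    printf '%s\n' '# constructed sample' \
        'LoadModule security2_module modules/PLACEHOLDER.so' \
        'Include conf/modsecurity/*.conf' > "$d/httpd.conf"
    printf '%s\n' '#SecRuleEngine On' 'SecRuleEngine DetectionOnly' \
        > "$d/modsecurity/10_config.conf"
    echo '[Wed Jul 30 22:27:19 2008] [notice] ModSecurity for Apache/2.5.5 configured.' \
        > "$d/error_log"
    echo "$d"
}

s=$(make_sample)
check_modsec "$s/httpd.conf" "$s/modsecurity" "$s/error_log" || echo "exit status $?"
rm -rf "$s"
```

Against a real install the three arguments would be /usr/local/apache/conf/httpd.conf, /usr/local/apache/conf/modsecurity and /usr/local/apache/logs/error_log, the paths used in the post.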


Posted: Thu Jul 31, 2008 12:53 am
by lambda
isn't it simpler to just install the package from here? most users won't need to compile lua or apache, either (notes).

Posted: Thu Jul 31, 2008 9:28 am
by nasacis
I know that it is option package but modsecurity requires dynamic libraries which are not built by default in the source distribution

Posted: Sat Aug 09, 2008 10:50 pm
by nomankhn
Hi Nafees,

Could you tell me a bit more about modsecurity, what about its rules and what is the optimum configuration for a web server?

Noman liaquat

Posted: Mon Aug 11, 2008 8:32 am
by nasacis
Check the rules, I just use basic rules in the howto