Apache and ModSecurity
Introduction
ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out
over the web application level, organisations need all the help they can get in making
their systems secure. WAFs are deployed to establish an increased external security layer
to detect and/or prevent attacks before they reach web applications. ModSecurity provides
protection from a range of attacks against web applications and allows for HTTP traffic
monitoring and real-time analysis with little or no changes to existing infrastructure.
pre-installation check list
libxml2
libpcre
install all above packages before installing modsecurity
Installing and configuring Lua
cd /usr/src
wget http://www.lua.org/ftp/lua-5.1.3.tar.gz
wget http://www.lua.org/ftp/patch-lua-5.1.3
tar zxvf lua.5.1.3.tar.gz
cd lua.5.1.3/src
patch < /usr/src/patch-lua.5.1.3
cd ..
make linux
make test
make linux install
cd /usr/local/lib
gcc -shared -o liblua.5.1.3.so /usr/local/lib/liblua.a
ln -s liblua.5.1.3.so liblua.so
Installing and configure Apache
./configure --prefix=/usr/local/apache --enable-unique-id
make
make install
cp /usr/local/apache/bin/apachectl /etc/rc.d/init.d/httpd
ln -s /etc/rc.d/init.d/httpd /etc/rc.d/rc3.d/S86httpd
/etc/rc.d/init.d/httpd start
installing and configure modsecurity
./configure --wiith-apxs=/usr/local/apache/bin/apxs
make
make test #optional
make install
vi /usr/local/apache/conf/httpd.conf
#add these lines in your httpd.conf
LoadFile /usr/lib/libxml2.so
LoadFile /usr/local/lib/liblua.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf
mkdir -p /usr/local/apache/conf/modsecurity
chown -R nobody.nobody /usr/local/apache/conf/modsecurity # used appropriate username/group to run your apache server
#for basic configuration of modsecurity, copy these two files from source of modsecurity and for further rules check ruls folder in source directory of modsecurity
cp /usr/src/modsecurity-apache_2.5.5/rules/modsecurity_crs_10_config.conf /usr/local/apache/conf/modsecurity
cp /usr/src/modsecurity-apache_2.5.5/rules/modsecurity_crs_30_http_policy.conf /usr/local/apache/conf/modsecurity
/etc/rc.d/init.d/httpd restart
you should now have modseccurity 2.x up and running
tail -f /usr/local/apache/logs/error_log # you will see below line
[Wed Jul 30 22:27:19 2008] [notice] ModSecurity for Apache/2.5.5 (http://www.modsecurity.org/) configured.
Regards
Apache and ModSecurity (step by step guide)
-
- Battalion Havaldaar Major
- Posts: 269
- Joined: Sat Dec 13, 2003 3:58 pm
- Location: Faisalabad
- Contact:
Apache and ModSecurity (step by step guide)
Nafees Ahmed
Cell: +92.300.8653568
UAN: 041-111432432
Nexlinx Faisalabad
www.nexlinx.net.pk
nafees29@gmail.com
Cell: +92.300.8653568
UAN: 041-111432432
Nexlinx Faisalabad
www.nexlinx.net.pk
nafees29@gmail.com
isn't it simpler to just install the package from here? most users won't need to compile lua or apache, either (notes).
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
-
- Battalion Havaldaar Major
- Posts: 269
- Joined: Sat Dec 13, 2003 3:58 pm
- Location: Faisalabad
- Contact:
i know that it is option package but modsecurity requires dynamic libraries which are not built by default in the source distribution
Nafees Ahmed
Cell: +92.300.8653568
UAN: 041-111432432
Nexlinx Faisalabad
www.nexlinx.net.pk
nafees29@gmail.com
Cell: +92.300.8653568
UAN: 041-111432432
Nexlinx Faisalabad
www.nexlinx.net.pk
nafees29@gmail.com
-
- Battalion Havaldaar Major
- Posts: 269
- Joined: Sat Dec 13, 2003 3:58 pm
- Location: Faisalabad
- Contact:
check rules, i just use basic rules in howto
Nafees Ahmed
Cell: +92.300.8653568
UAN: 041-111432432
Nexlinx Faisalabad
www.nexlinx.net.pk
nafees29@gmail.com
Cell: +92.300.8653568
UAN: 041-111432432
Nexlinx Faisalabad
www.nexlinx.net.pk
nafees29@gmail.com