How to Install ModSecurity with OWASP on Apache Server | ServerMom

ServerMom
Teaching Babies How To Manage Unmanaged Servers

Path: Home >> How To >> How to Install ModSecurity with OWASP on Apache Server

How to Install ModSecurity with OWASP on Apache Server

July 19th, 2013

Advertise Here Advertise in this spot with Online Advertising Marketplace

ads by BSA

Installing Mod_Security and OWASP on Apache CentOS server This tutorial will show you (with pictures) how to install a web application firewall engine that provides very little protection on its own. This web app, mod_security is basically used to protect and monitor real time HTTP traffic and web applications from brute fore attacks and it also acts as intrusion detection and prevention system for web applications. In order to become useful, ModSecurity must be configured with rules which we can then use OWASP (Open Web Application Security Project) which is a Core Rules Set (CRS) for mod_security base configuration. The Core Rules are heavily commented to allow it to be used as a step-by-step deployment

guide for ModSecurity.

Prerequisites:
You can install mod_security in any server-compliant Linux distros like Ubuntu, Fedora, Debian and CentOS but this tutorial is done in a CentOS machine. You can simply adopt the command according to the Distro you are using. However, RHEL 6.2/6.1/6/5.8, CentOS 6.2/6.1/6/5.8 and Fedora 17,16,15,14,13,12 users can simply follow the exact steps. Basically mod_security can be installed in most web servers like Nginx, Apache and even Microsoft IIS. But this tutorial will cover only on a server running Apache. So I assume you have already installed and configured your LAMP stack.

How to Install Mod_Security (using source code)

Step 1 Login to your server and follow my previous guide about Basic setup for CentOS before you build a live web server. You may and may not follow that tutorial but if you followed, it will give you some basic security tweak to your server.

How to Install ModSecurity with OWASP on Apache Server | ServerMom

Before you proceed to the next steps, it is better to explain that all commands in this tutorial are written without the sudo prefix. However if you disabled root login and you logged in using another username with root privilege, you can add the sudo prefix all by your self. Alternatively you can simply type su, hit Enter and type in your password twice to switch login as root. You may also need to type this command to go to the root directory: 1 cd ~

Step 2 Next, you have to install some dependency packages for mod_security. Heres the command you can try to issue: 1 2 yum install gcc make yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

p.s: if you see two lines of command like above means you have to hit Enter after each line for issuing the command.

Hit Y if asked to confirm.

Step 3 Now download latest version of mod_security. To do that, you can always check it at ModSecurity official website (http://www.modsecurity.org/download/). In my case it is now version 2.7.4. Then is-

How to Install ModSecurity with OWASP on Apache Server | ServerMom

sue this command: 1 2 cd /usr/src wget https://www.modsecurity.org/tarball/2.7.4/modsecurity-apache_2.7.4.tar.gz

screenshot:

Step 4 Once downloaded, extract it using this command: 1 tar xzf modsecurity-apache_2.7.4.tar.gz

Of course you have to replace modsecurity-apache_2.7.4.tar.gz part with the latest version of ModSecurity youve downloaded. Step 5 Lets install it. First, go to the newly extracted folder and configure it: 1 2 pic: cd modsecurity-apache_2.7.4 ./configure

Next, install mod_security with simple make install command: 1 make install

The output will be a bit too long. Just wait till it done:

How to Install ModSecurity with OWASP on Apache Server | ServerMom

Step 6 Once done, copy recommended configuration file: 1 cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

Step 7 Now load the module in your Apache configuration. You can use either Nano or vi editor to do that: 1 nano /etc/httpd/conf/httpd.conf

Step 8 Once the editor appears, locate line LoadModule in your httpd.conf and add this below line at the bottom. If you are using Nano like me, hit Control+W to search. 1 pic: LoadModule security2_module modules/mod_security2.so

In Nano, hit Control+O to save then Control+X to exit. Do not restart Apache yet as we will also install OWSAP CRS to be integrated with Apaches ModSecurity.

How to Install ModSecurity with OWASP on Apache Server | ServerMom

Alternate Method to Install Mod_Security

There is also another way you can follow to always install the latest version of ModSecurity module on your Apache server. Use these steps to replace step 3, 4 and 5 above: Step 3 Download Mod_Security from Github project page: 1 2 cd /usr/src git clone https://github.com/SpiderLabs/ModSecurity.git

Step 4 Now issue these: 1 2 3 cd ModSecurity ./configure make install

form here you can simply follow steps 6 above.

How to Install OWASP CRS

Step 1 Still in your favorite SSH client, now move to /etc/httpd directory: 1 cd /etc/httpd/

Step 2 Next, lets grab OWASP CRS from SpiderLabs Github project page: 1 pic: git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git

Step 3 A simple task, rename it to modsecurity-crs then go to that folder: 1 2 mv owasp-modsecurity-crs modsecurity-crs <span style="color: #7a0874; font-weight: bold;">cd</span> modsecurity-crs

Step 4 Now create configuration file from included example: 1 pic: cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

How to Install ModSecurity with OWASP on Apache Server | ServerMom

Step 5 Finally, edit Apache configuration again: 1 nano /etc/httpd/conf/httpd.conf

then scroll down (go to the very bottom of the config page) and place this in the very bottom (after your virtual host file): 1 2 3 4 <IfModule security2_module> Include modsecurity-crs/modsecurity_crs_10_config.conf Include modsecurity-crs/base_rules/*.conf </IfModule>

Now save it and exit Nano editor. Pic:

Restart Apache
So now youve installed Mod_Security and OWASP-CRS, its time to restart Apache service so the module can be loaded along with its rules: 1 service httpd restart

p.s: This tutorial is done in CentOS 6.4 x86_64 server hosted by DigitalOcean. Thats it. Enjoy some basic necessary protection on your Apache server as the Mod_Security + OWASP CRS give you these advantages: HTTP Protection detecting violations of the HTTP protocol and a locally defined usage policy. Real-time Blacklist Lookups utilizes 3rd Party IP Reputation

How to Install ModSecurity with OWASP on Apache Server | ServerMom

Web-based Malware Detection identifies malicious web content by check against the Google Safe Browsing API. Identification of Application Defects alerts on application misconfigurations. HTTP Denial of Service Protections defense against HTTP Flooding and Slow HTTP DoS Attacks. Common Web Attacks Protection detecting common web application security attack. Automation Detection Detecting bots, crawlers, scanners and other surface malicious activity. Tracking Sensitive Data Tracks Credit Card usage and blocks leakages. Trojan Protection Detecting access to Trojans horses. Integration with AV Scanning for File Uploads detects malicious files uploaded through the web application. Error Detection and Hiding Disguising error messages sent by the server.

Share this:

This entry was posted in How To and tagged advanced, apache, centos, lamp, modsecurity, owasp, security .

About Sawiyati Hi! I'm Sawiyati, a mom with passion about blogging, programming and everything techy. Having no offline job, so I decided to start blogging while learning what I love for. You can find me in Google+ here. View all posts by Sawiyati