ModSecurity is an open-source web application firewall (WAF) module for the Apache HTTP Server. It helps protect web servers against common attacks such as SQL injection, cross-site scripting (XSS), remote file inclusion, and malicious HTTP requests.<\/p>\n\n\n\n
Compiling Apache with ModSecurity allows administrators to integrate advanced request filtering and security rules directly into the web server environment. This guide explains how to download, compile, configure, and enable ModSecurity on Apache servers.<\/p>\n\n\n\n
Before starting the installation, ensure the following requirements are met:<\/p>\n\n\n\n
apxs<\/code> and httpd-devel<\/code>)<\/li>\n\n\n\n- GCC compiler and build tools installed<\/li>\n\n\n\n
- Basic knowledge of Linux command line operations<\/li>\n<\/ul>\n\n\n\n
Install required development packages if they are not already available:<\/p>\n\n\n\n
$ yum install httpd-devel gcc make -y<\/code><\/pre>\n\n\n\nFor Debian\/Ubuntu systems:<\/p>\n\n\n\n
$ apt-get install apache2-dev build-essential -y<\/code><\/pre>\n\n\n\nIt is also recommended to create a backup of the Apache configuration before making any changes.<\/p>\n\n\n\n
Implementation:<\/h3>\n\n\n\n
Step 1: Download and Extract ModSecurity<\/strong><\/p>\n\n\n\nDownload the ModSecurity source package:<\/p>\n\n\n\n
$ wget http:\/\/www.modsecurity.org\/download\/modsecurity-apache_1.9.4.tar.gz<\/code><\/pre>\n\n\n\nExtract the archive:<\/p>\n\n\n\n
$ tar -zxf modsecurity-apache_1.9.4.tar.gz<\/code><\/pre>\n\n\n\nStep 2: Navigate to the Apache Version Directory<\/strong><\/p>\n\n\n\nFor Apache 1.3.x<\/h3>\n\n\n\n$ cd modsecurity-apache_1.9.4\/apache1<\/code><\/pre>\n\n\n\nFor Apache 2.x<\/h3>\n\n\n\n$ cd modsecurity-apache_1.9.4\/apache2<\/code><\/pre>\n\n\n\n\nNote: Most modern Linux distributions and control panels such as Plesk use Apache 2.x.<\/p>\n<\/blockquote>\n\n\n\n
Step 3: Compile ModSecurity<\/strong><\/p>\n\n\n\nCompile the ModSecurity module using the Apache Extension Tool (apxs<\/code>):<\/p>\n\n\n\n$ \/etc\/httpd\/bin\/apxs -cia mod_security.c<\/code><\/pre>\n\n\n\nIf the above command fails due to missing development files, install the Apache development package and retry:<\/p>\n\n\n\n
$ yum install httpd-devel -y\/usr\/sbin\/apxs -cia mod_security.c<\/code><\/pre>\n\n\n\nSuccessful compilation will install the mod_security.so<\/code> module into the Apache modules directory.<\/p>\n\n\n\nStep 4: Backup Apache Configuration<\/strong><\/p>\n\n\n\nBefore modifying the Apache configuration, create a backup:<\/p>\n\n\n\n
$ cp \/etc\/httpd\/conf\/httpd.conf \/etc\/httpd\/conf\/httpd.conf-mod_sec<\/code><\/pre>\n\n\n\nStep 5: Edit Apache Configuration<\/strong><\/p>\n\n\n\nOpen the Apache configuration file:<\/p>\n\n\n\n
$ vi \/etc\/httpd\/conf\/httpd.conf<\/code><\/pre>\n\n\n\nFor Apache 1.3.x<\/h3>\n\n\n\n
Locate the following line:<\/p>\n\n\n\n
AddModule mod_security.c<\/code><\/pre>\n\n\n\nIf it does not exist, add it with the other module entries.<\/p>\n\n\n\n
For Apache 2.x<\/h3>\n\n\n\n
Locate the following line:<\/p>\n\n\n\n
LoadModule security_module modules\/mod_security.so<\/code><\/pre>\n\n\n\nBelow this line, add the ModSecurity ruleset configuration.<\/p>\n\n\n\n
Step 6: Configure ModSecurity Rules<\/strong><\/p>\n\n\n\nAdd the following basic ModSecurity directives:<\/p>\n\n\n\n
# Enable ModSecuritySecFilterEngine On# Hide Apache version informationSecServerSignature \"Apache\"# Unicode checkSecFilterCheckUnicodeEncoding Off# Audit loggingSecAuditEngine RelevantOnlySecAuditLog logs\/audit_log# Scan POST payloadsSecFilterScanPOST On# Default actionSecFilterDefaultAction \"deny,log,status:403\"<\/code><\/pre>\n\n\n\nAdditional custom filtering rules can then be added based on security requirements.<\/p>\n\n\n\n
The provided ruleset includes protections against:<\/p>\n\n\n\n
\n- XSS attacks<\/li>\n\n\n\n
- Malicious file downloads<\/li>\n\n\n\n
- Email header injection<\/li>\n\n\n\n
- Remote command execution attempts<\/li>\n\n\n\n
- Common exploit patterns<\/li>\n<\/ul>\n\n\n\n
Step 7: Restart Apache<\/strong><\/p>\n\n\n\nAfter saving the configuration, restart Apache to apply the changes.<\/p>\n\n\n\n
On CentOS\/RHEL<\/h3>\n\n\n\n$ service httpd restart<\/code><\/pre>\n\n\n\nOn Ubuntu\/Debian<\/h3>\n\n\n\n$ systemctl restart apache2<\/code><\/pre>\n\n\n\n