How to install the latest ModSecurity 2.9.7 with Apache
What is ModSecurity?
ModSecurity is the best-known open-source web application firewall (WAF). It was originally built for the Apache web server and provides comprehensive protection for your web applications (such as WordPress, Joomla, OpenCart, etc.) against a wide range of Layer 7 (HTTP) attacks. ModSecurity can run as a web server module and filter out attacks such as SQL injection, cross-site scripting, local file inclusion, etc.
cPGuard WAF
cPGuard WAF is a ModSecurity rule set that can block most generic web attacks against your web applications. It is powered by the Malware.Expert commercial ModSecurity rules for web hosting servers. It is a proprietary set of rules written in-house that provides protection against targeted and automated attacks and has explicit rules to protect CMSs such as WordPress, Joomla, etc. Since the cPGuard WAF rules are loaded remotely, ModSecurity 2.9.4 or higher is required, as earlier versions do not work properly with SecRemoteRules.
Install ModSecurity 2.9.7 with Apache on RHEL-based distros (CentOS 7 or above, or similar operating systems)
Step 1. Update OS and install dependency packages
yum clean all
yum -y update
yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel libtool
#Remove current ModSec package
yum remove mod_security
Step 2. Download & Install mod_security
Use the following commands to download, build and install ModSecurity:
wget https://github.com/SpiderLabs/ModSecurity/archive/refs/tags/v2.9.7.zip
unzip v2.9.7.zip
cd ModSecurity-2.9.7/
./autogen.sh
./configure
make
make install
Step 3. Enable mod_security in Apache
Insert the following line into the file /etc/httpd/conf.modules.d/10-mod_security.conf:
LoadModule security2_module /usr/local/modsecurity/lib/mod_security2.so
Step 4. Enable ModSecurity default configuration
Now you need to load the default configuration for Apache and make it compatible with cPGuard WAF. To do so, open the file /etc/httpd/conf.d/mod_security.conf and insert the following content:
<IfModule mod_security2.c>
SecRuleEngine On
SecRequestBodyAccess On
SecDefaultAction "phase:2,deny,log,status:406"
SecRequestBodyLimitAction ProcessPartial
SecResponseBodyLimitAction ProcessPartial
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
SecCollectionTimeout 600
SecDebugLog /var/log/httpd/modsec_debug.log
SecDebugLogLevel 0
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/httpd/modsec_audit.log
SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
SecTmpSaveUploadedFiles on
# Include file for cPGuard WAF
IncludeOptional /etc/httpd/cpguard.conf
</IfModule>
Step 5. Restart Apache
Now create the cPGuard configuration file, restart Apache using the following commands, and verify that everything is fine.
touch /etc/httpd/cpguard.conf
service httpd restart
Step 6. cPGuard standalone configuration parameters
Once everything has completed successfully, you may configure cPGuard WAF with the following values:
waf_server = apache
waf_server_conf = /etc/httpd/cpguard.conf
waf_server_restart_cmd = /bin/systemctl restart httpd.service
waf_audit_log = /var/log/httpd/modsec_audit.log
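The Step 4 settings (SecAuditLogType Serial, SecAuditLogParts ABIJDEFHZ) write every relevant transaction to /var/log/httpd/modsec_audit.log as boundary-delimited parts. The following is an added example, not code from the original page or from cPGuard, that parses that layout to confirm after installation that blocked requests are being recorded; the function names and the embedded sample log are assumptions made for illustration.

```python
import re

# Constructed sample, Serial layout, blank lines trimmed; every value is made up.
SAMPLE_LOG = """\
--5f1c2a7e-A--
[12/Mar/2024:10:15:02 +0000] ZfA1xAAAAAE 203.0.113.7 51544 192.0.2.10 80
--5f1c2a7e-B--
GET /index.php?id=1%27 HTTP/1.1
--5f1c2a7e-F--
HTTP/1.1 406 Not Acceptable
--5f1c2a7e-H--
Message: Access denied with code 406 (phase 2). [id "900001"] [msg "constructed rule"]
--5f1c2a7e-Z--

--9b44d0c3-A--
[12/Mar/2024:10:16:40 +0000] ZfA2KAAAAAI 198.51.100.23 40022 192.0.2.10 80
--9b44d0c3-B--
GET /report.php HTTP/1.1
--9b44d0c3-F--
HTTP/1.1 500 Internal Server Error
--9b44d0c3-H--
Stopwatch: 1710238600000000 1200 (- - -)
--9b44d0c3-Z--
"""
BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")

def parse_audit_log(text):
    """Split a Serial audit log into transactions: {part letter: [lines]}."""
    txs, part = [], None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m and m.group(2) == "A":      # part A opens a new transaction
            txs.append({})
        if m and txs:
            part = m.group(2)
            txs[-1][part] = []
        elif txs and part and line:      # content line of the current part
            txs[-1][part].append(line)
    return txs

def summarize(tx):
    """Client IP, request line, status, matched rule ids and block flag."""
    a = tx["A"][0].split()  # [time zone] unique_id src_ip src_port dst_ip dst_port
    h = "\n".join(tx.get("H", []))
    return {"client": a[3], "request": (tx.get("B") or [""])[0],
            "status": int(tx["F"][0].split()[1]) if tx.get("F") else None,
            "rule_ids": re.findall(r'\[id "(\d+)"\]', h), "blocked": "Access denied" in h}

if __name__ == "__main__":
    print([summarize(t) for t in parse_audit_log(SAMPLE_LOG)])
```

In the sample, the first transaction is a rule block returning the 406 status set by SecDefaultAction, while the second is an ordinary 500 that is logged only because it matches SecAuditLogRelevantStatus.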