How to install latest ModSecurity 2.9.7 with Apache
What is ModSecurity?
ModSecurity is the most well-known open-source web application firewall (WAF). It was originally built for the Apache web server and provides comprehensive protection for your web applications (like WordPress, Joomla, OpenCart, etc.) against a wide range of Layer 7 (HTTP) attacks. ModSecurity can work as a web server module and can filter out attacks like SQL injection, cross-site scripting, local file inclusion, etc.
cPGuard WAF
cPGuard WAF is a ModSecurity rule set that can block most generic web attacks against your web applications. It is powered by the Malware.Expert commercial ModSecurity rules for web hosting servers. It is a proprietary rule set written in-house that provides protection against targeted and automated attacks and has explicit rules to protect CMSs like WordPress, Joomla, etc. Because the cPGuard WAF rules are loaded remotely, it needs ModSecurity 2.9.4 or higher; earlier versions do not handle SecRemoteRules properly.
Install ModSecurity 2.9.7 with Apache on RHEL-based distros (CentOS 7 or above, or similar operating systems)
Step 1. Update OS and install dependency packages
    yum clean all
    yum -y update
    yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel libtool
    # Remove current ModSec package
    yum remove mod_security
Step 2. Download & Install mod_security
Use the following steps to download and install ModSecurity:
    wget https://github.com/SpiderLabs/ModSecurity/archive/refs/tags/v2.9.7.zip
    unzip v2.9.7.zip
    cd ModSecurity-2.9.7/
    ./autogen.sh
    ./configure
    make
    make install
Step 3. Enable mod_security in Apache
Insert the following content into the file /etc/httpd/conf.modules.d/10-mod_security.conf:
    LoadModule security2_module /usr/local/modsecurity/lib/mod_security2.so
Step 4. Enable ModSecurity default configuration
Now you need to load the default configuration for Apache and make it compatible with cPGuard WAF. To do so, open the file /etc/httpd/conf.d/mod_security.conf and insert the following content into it:
    <IfModule mod_security2.c>
        SecRuleEngine On
        SecRequestBodyAccess On
        # Default for rules that set no action of their own: deny with HTTP 406 and log
        SecDefaultAction "phase:2,deny,log,status:406"
        # Oversized bodies: inspect only the part that fits within the limit
        SecRequestBodyLimitAction ProcessPartial
        SecResponseBodyLimitAction ProcessPartial
        SecRequestBodyLimit 13107200
        SecRequestBodyNoFilesLimit 131072
        SecPcreMatchLimit 250000
        SecPcreMatchLimitRecursion 250000
        SecCollectionTimeout 600
        SecDebugLog /var/log/httpd/modsec_debug.log
        SecDebugLogLevel 0
        # Audit-log only transactions answered with 5xx, or 4xx other than 404
        SecAuditEngine RelevantOnly
        SecAuditLogRelevantStatus "^(?:5|4(?!04))"
        SecAuditLogParts ABIJDEFHZ
        SecAuditLogType Serial
        SecAuditLog /var/log/httpd/modsec_audit.log
        SecUploadDir /tmp
        SecTmpDir /tmp
        SecDataDir /tmp
        SecTmpSaveUploadedFiles on
        # Include file for cPGuard WAF
        IncludeOptional /etc/httpd/cpguard.conf
    </IfModule>
Step 5. Restart Apache
Now create the configuration file and restart Apache using the following commands, and verify that everything is fine.
    touch /etc/httpd/cpguard.conf
    service httpd restart
Step 6. cPGuard standalone configuration parameters
Once everything has completed successfully, you may configure cPGuard WAF with the following values:
    waf_server = apache
    waf_server_conf = /etc/httpd/cpguard.conf
    waf_server_restart_cmd = /bin/systemctl restart httpd.service
    waf_audit_log = /var/log/httpd/modsec_audit.log
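To check what the audit settings from Step 4 actually record, here is an added example (not part of the original tutorial or of cPGuard) that splits a SecAuditLogType Serial log into its parts and pulls out the client address, request line, response status and matching rule ids. The sample entry, its rule ids and the function names are constructed for illustration.

```python
import re

BOUNDARY = re.compile(r"^--([0-9a-fA-F]{8})-([A-Z])--$")  # --<id>-<part>--
RULE_ID = re.compile(r'\[id "(\d+)"\]')

def parse_serial_audit_log(text):
    """Split a Serial audit log into transactions of {part letter: [lines]}."""
    entries, current, part = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            part = m.group(2)
            if part == "A":  # part A always opens a new transaction
                current = {}
                entries.append(current)
            if current is not None:  # skip parts seen before the first A
                current.setdefault(part, [])
        elif current is not None:
            current[part].append(line)
    return entries

def summarize(entry):
    """Pull triage fields out of parts A (header), B, F and H (trailer)."""
    first = lambda p: (entry.get(p) or [""])[0]
    a = first("A").split("] ", 1)[-1].split()  # uid, src ip, src port, dst ip, dst port
    status = first("F").split()
    trailer = entry.get("H", [])
    return {
        "client_ip": a[1] if len(a) > 1 else None,
        "request": first("B"),
        "status": status[1] if len(status) > 1 else None,
        "rule_ids": RULE_ID.findall("\n".join(l for l in trailer if l.startswith("Message:"))),
        "intercepted": any(l.startswith("Action: Intercepted") for l in trailer),
    }

# Constructed sample with placeholder rule ids; starts mid-entry, as after rotation.
SAMPLE = """Message: Warning. Tail of an entry cut off by log rotation. [id "999000"]
--a1b2c3d4-A--
[09/Jan/2024:10:15:32 +0000] ZZ0xConstructedUid01 203.0.113.7 51234 192.0.2.10 80
--a1b2c3d4-B--
GET /index.php?id=1 HTTP/1.1
--a1b2c3d4-F--
HTTP/1.1 406 Not Acceptable
--a1b2c3d4-H--
Message: Access denied with code 406 (phase 2). [id "999001"] [msg "constructed"]
Action: Intercepted (phase 2)
--a1b2c3d4-Z--
"""
print([summarize(e) for e in parse_serial_audit_log(SAMPLE)])
```

On a live server, pass it the contents of /var/log/httpd/modsec_audit.log, the path set by SecAuditLog in Step 4.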