
How to install latest ModSecurity 2.9.7 with Apache

What is ModSecurity?

ModSecurity is the most well-known open-source web application firewall (WAF). It was originally built for the Apache web server and provides comprehensive protection for your web applications (such as WordPress, Joomla, OpenCart, etc.) against a wide range of Layer 7 (HTTP) attacks. ModSecurity works as a web server module and can filter out attacks such as SQL injection, cross-site scripting, local file inclusion, etc.

cPGuard WAF

cPGuard WAF is a ModSecurity rule set that can block most generic web attacks against your web applications. It is powered by Malware.Expert Commercial ModSecurity rules for web hosting servers. It is a proprietary set of rules written in-house that provides protection against targeted and automated attacks and has explicit rules to protect CMSs like WordPress, Joomla, etc. Since the cPGuard WAF rules are loaded remotely, it needs ModSecurity 2.9.4 or higher, as earlier versions are not properly compatible with SecRemoteRules.

Install ModSecurity 2.9.7 with Apache on RHEL-based distros (CentOS 7 or above, or other similar operating systems)

Step 1. Update OS and install dependency packages

yum clean all
yum -y update
yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel libtool
# Remove current ModSec package
yum remove mod_security

Step 2. Download & Install mod_security

Use the following steps to download and install ModSecurity

wget https://github.com/SpiderLabs/ModSecurity/archive/refs/tags/v2.9.7.zip
unzip v2.9.7.zip
cd ModSecurity-2.9.7/
./autogen.sh
./configure
make
make install

Step 3. Enable mod_security in Apache

Insert the following content into the file /etc/httpd/conf.modules.d/10-mod_security.conf:

LoadModule security2_module /usr/local/modsecurity/lib/mod_security2.so

Step 4. Enable ModSecurity default configuration

Now you need to load the default configuration for Apache and make it compatible with cPGuard WAF. To do so, open the file /etc/httpd/conf.d/mod_security.conf and insert the following content into it:

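<IfModule mod_security2.c>
    # Enforce the rules (blocking mode) and inspect request bodies
    SecRuleEngine On
    SecRequestBodyAccess On
    # Default action: deny in phase 2 with HTTP 406 and log the match
    SecDefaultAction "phase:2,deny,log,status:406"
    # Bodies over the limits are inspected only up to the limit (ProcessPartial);
    # content beyond the limit is not inspected
    SecRequestBodyLimitAction ProcessPartial
    SecResponseBodyLimitAction ProcessPartial
    # 12.5 MB overall, 128 KB for request bodies excluding file uploads
    SecRequestBodyLimit 13107200
    SecRequestBodyNoFilesLimit 131072
    SecPcreMatchLimit 250000
    SecPcreMatchLimitRecursion 250000
    SecCollectionTimeout 600
    SecDebugLog /var/log/httpd/modsec_debug.log
    SecDebugLogLevel 0
    # Audit only relevant transactions: rule matches, plus 5xx and 4xx
    # responses other than 404
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogParts ABIJDEFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/httpd/modsec_audit.log
    # Working directories for uploads, temporary files and persistent data
    SecUploadDir /tmp
    SecTmpDir /tmp
    SecDataDir /tmp
    SecTmpSaveUploadedFiles on
    # Include file for cPGuard WAF
    IncludeOptional /etc/httpd/cpguard.conf
</IfModule>
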
Step 5. Restart Apache

Now create the cPGuard include file and restart Apache using the following commands, then verify that everything is fine.

touch /etc/httpd/cpguard.conf
service httpd restart

Step 6. cPGuard standalone configuration parameters

Once everything has completed successfully, you can configure cPGuard WAF with the following values:

waf_server = apache
waf_server_conf = /etc/httpd/cpguard.conf
waf_server_restart_cmd = /bin/systemctl restart httpd.service
waf_audit_log = /var/log/httpd/modsec_audit.log
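
The audit log written by the Step 4 configuration (SecAuditLogType Serial, the same file given as waf_audit_log) can be summarized to see which requests the WAF blocked and which entries are only application errors. The script below is an added example, not part of the original article or of cPGuard; the function names and the sample log entries are constructed for illustration. It accepts a section marker only when it carries the current transaction's boundary id, so marker-like lines inside logged request or response bodies are treated as data.

```sh
# Added example: one summary line per transaction in a Serial audit log.
# Output fields: client IP, response status, matched rule ids, request.
modsec_audit_summary() {
    awk '
    /^--[0-9a-fA-F]+-[A-Z]--$/ {
        b = substr($0, 3, length($0) - 6)      # per-transaction boundary id
        p = substr($0, length($0) - 2, 1)      # section letter
        if (cur == "" && p == "A") { cur = b; ip = req = status = "-"; ids = "" }
        if (b == cur) {                        # otherwise body text, not a marker
            part = p; first = 1
            if (p == "Z") { print ip, status, (ids == "" ? "-" : ids), req; cur = "" }
            next
        }
    }
    first && part == "A" { ip = $4 }           # [date tz] unique_id src_ip ...
    first && part == "B" { req = $1 " " $2 }   # method and URI
    first && part == "F" { status = $2 }       # response status line
    { first = 0 }
    part == "H" && /^Message: / {              # collect every [id "N"] tag
        line = $0
        while (match(line, /\[id "[0-9]+"\]/)) {
            id = substr(line, RSTART + 5, RLENGTH - 7)
            ids = (ids == "" ? id : ids "," id)
            line = substr(line, RSTART + RLENGTH)
        }
    }' "$@"
}
# Constructed, abbreviated sample: a request blocked with the 406 set by
# SecDefaultAction, then an application 500 with no rule match, logged only
# because its status matches SecAuditLogRelevantStatus.
sample_audit_log() {
    cat <<'EOF'
--a1b2c3d4-A--
[10/Jan/2024:10:00:01 +0000] ZZsample0001 203.0.113.10 51234 192.0.2.5 80
--a1b2c3d4-B--
GET /index.php?test=sample HTTP/1.1
--a1b2c3d4-F--
HTTP/1.1 406 Not Acceptable
--a1b2c3d4-H--
Message: Access denied with code 406 (phase 2). [file "/path/to/rules.conf"] [id "900001"] [msg "constructed rule"]
--a1b2c3d4-Z--
--e5f6a7b8-A--
[10/Jan/2024:10:00:09 +0000] ZZsample0002 198.51.100.7 40022 192.0.2.5 80
--e5f6a7b8-B--
POST /checkout.php HTTP/1.1
--e5f6a7b8-F--
HTTP/1.1 500 Internal Server Error
--e5f6a7b8-Z--
EOF
}
sample_audit_log | modsec_audit_summary
```

On a server, pass the log path as an argument instead of the sample: modsec_audit_summary /var/log/httpd/modsec_audit.log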