How to install latest ModSecurity 2.9.7 with Apache
What is ModSecurity?
ModSecurity is the most well-known open-source web application firewall (WAF). Originally built for the Apache web server, it provides comprehensive protection for your web applications (such as WordPress, Joomla, OpenCart, etc.) against a wide range of Layer 7 (HTTP) attacks. ModSecurity can run as a web server module and filter out attacks such as SQL injection, cross-site scripting, local file inclusion, etc.
cPGuard WAF is a set of ModSecurity rules that can block most generic web attacks against your web applications. It is powered by the Malware.Expert commercial ModSecurity rules for web hosting servers. It is a proprietary rule set written in-house that provides protection against targeted and automated attacks and has explicit rules to protect CMSs like WordPress, Joomla, etc. Since the cPGuard WAF rules are loaded remotely, ModSecurity 2.9.4 or higher is needed, as earlier versions do not work properly with SecRemoteRules.
Install ModSecurity 2.9.7 with Apache on RHEL-based distros (CentOS 7 or above, or other similar operating systems)
Step 1. Update OS and install dependency packages
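    yum clean all
    yum -y update
    yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel libtool
    # autogen.sh needs autoconf and automake; Step 2 uses wget and unzip
    yum install autoconf automake wget unzip
    # Remove current ModSec package
    yum remove mod_security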
Step 2. Download & Install mod_security
Use the following steps to download and install ModSecurity:
    wget https://github.com/SpiderLabs/ModSecurity/archive/refs/tags/v2.9.7.zip
    unzip v2.9.7.zip
    cd ModSecurity-2.9.7/
    ./autogen.sh
    ./configure
    make
    make install
Step 3. Enable mod_security in Apache
Open the file /etc/httpd/conf.modules.d/10-mod_security.conf and insert the following entry:
    LoadModule security2_module /usr/local/modsecurity/lib/mod_security2.so
Step 4. Enable ModSecurity default configuration
Now you need to load the default configuration for Apache and make it compatible with cPGuard WAF. To do so, open the file /etc/httpd/conf.d/mod_security.conf and insert the following content:
    <IfModule mod_security2.c>
        SecRuleEngine On
        SecRequestBodyAccess On
        # Blocked requests are logged and answered with HTTP 406
        SecDefaultAction "phase:2,deny,log,status:406"
        # ProcessPartial: only the part of a body that fits the limit is inspected
        SecRequestBodyLimitAction ProcessPartial
        SecResponseBodyLimitAction ProcessPartial
        SecRequestBodyLimit 13107200
        SecRequestBodyNoFilesLimit 131072
        SecPcreMatchLimit 250000
        SecPcreMatchLimitRecursion 250000
        SecCollectionTimeout 600
        SecDebugLog /var/log/httpd/modsec_debug.log
        SecDebugLogLevel 0
        # Audit only transactions that end in 5xx, or 4xx other than 404
        SecAuditEngine RelevantOnly
        SecAuditLogRelevantStatus "^(?:5|4(?!04))"
        SecAuditLogParts ABIJDEFHZ
        SecAuditLogType Serial
        SecAuditLog /var/log/httpd/modsec_audit.log
        SecUploadDir /tmp
        SecTmpDir /tmp
        SecDataDir /tmp
        SecTmpSaveUploadedFiles on
        # Include file for cPGuard WAF
        IncludeOptional /etc/httpd/cpguard.conf
    </IfModule>
Step 5. Restart Apache
Now restart Apache using the following command and verify that everything is fine.
    service httpd restart
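One way to do the verification after the restart, as an added example that is not part of the original guide or of cPGuard: it reads the ModSecurity startup banner from the Apache error log, compares the version with the 2.9.4 minimum stated above, and confirms that the Step 4 file turns the rule engine on and includes /etc/httpd/cpguard.conf. The function names, the sample log line and the error-log path /var/log/httpd/error_log are assumptions.

```bash
# Added example: checks to run after "service httpd restart" (not from the original guide).
MIN_VERSION="2.9.4"   # minimum the page gives for SecRemoteRules / cPGuard WAF

# Print the version from the last ModSecurity startup banner in the log on stdin.
modsec_version() {
    sed -n 's/.*ModSecurity for Apache\/\([0-9][0-9.]*\).*/\1/p' | tail -n 1
}

# Succeed when dotted version $1 is greater than or equal to $2.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$2" ]
}

# Print the last uncommented value of directive $1 (case-insensitive) from stdin.
directive_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 } END { print v }'
}

# Check an error log ($1) and mod_security.conf ($2); non-zero on any failure.
check_install() {
    rc=0
    ver=$(modsec_version < "$1")
    engine=$(directive_value SecRuleEngine < "$2")
    if [ -z "$ver" ]; then
        echo "FAIL: no ModSecurity startup banner in $1"; rc=1
    elif ! version_ge "$ver" "$MIN_VERSION"; then
        echo "FAIL: ModSecurity $ver is older than $MIN_VERSION"; rc=1
    else
        echo "OK: ModSecurity $ver loaded"
    fi
    case "$engine" in
        [Oo][Nn]) echo "OK: SecRuleEngine On" ;;
        *) echo "FAIL: SecRuleEngine is '${engine:-unset}', rules will not block"; rc=1 ;;
    esac
    grep -Eiq '^[[:space:]]*IncludeOptional[[:space:]]+/etc/httpd/cpguard\.conf' "$2" \
        || { echo "FAIL: /etc/httpd/cpguard.conf is not included"; rc=1; }
    return "$rc"
}
# Constructed sample input so the script runs offline. For a real check pass two paths,
# e.g. /var/log/httpd/error_log (assumed location) and /etc/httpd/conf.d/mod_security.conf
SAMPLE_LOG='[Mon Jan 01 00:00:00 2024] [:notice] [pid 1] ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/) configured.'
SAMPLE_CONF='SecRuleEngine On
IncludeOptional /etc/httpd/cpguard.conf'
if [ "$#" -eq 2 ]; then
    check_install "$1" "$2"
else
    tmp=$(mktemp -d) && printf '%s\n' "$SAMPLE_LOG" > "$tmp/log" && printf '%s\n' "$SAMPLE_CONF" > "$tmp/conf"
    check_install "$tmp/log" "$tmp/conf"
fi
```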
Step 6. cPGuard standalone configuration parameters
Once everything is done successfully, you may configure cPGuard WAF with the following values:
    waf_server = apache
    waf_server_conf = /etc/httpd/cpguard.conf
    waf_server_restart_cmd = /bin/systemctl restart httpd.service
    waf_audit_log = /var/log/httpd/modsec_audit.log