Web Page Hosting


mod_security Installation Guide

March 24th, 2008 by bob

Here are the steps for installing mod_security.

1. Log in to the server with the root password.

2. Download the latest version of mod_security.

wget http://www.modsecurity.org/download/…y-1.7.4.tar.gz

3. Untar the file.

tar zxvf mod_security-1.7.4.tar.gz

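4. Change into the extracted directory.

cd mod_security-1.7.4/

5. Check which Apache version is installed on the server and change into the matching subdirectory.

Apache 1.3.x users:
cd apache1/

Apache 2.x users:
cd apache2/

6. Compile the module. The -c, -i and -a flags tell apxs to compile the module, install it, and add the LoadModule line to httpd.conf.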

/usr/local/apache/bin/apxs -cia mod_security.c

7. Edit the Apache config file. Take a backup of the file first if needed, as a precaution.

vi /usr/local/apache/conf/httpd.conf

Now, check for the following directives:

# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature " "

# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On

# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# Only allow bytes from this range
SecFilterForceByteRange 1 255

# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:500"

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Prevent path traversal (..) attacks
SecFilter "\.\./"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

8. Last but not least, restart Apache.

The installation process is complete.
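
Because the default action in step 7 is deny with status 500, it is worth checking which requests the filter patterns would catch before relying on them. The script below is an added example, not part of the original guide: it replays the path traversal and SQL patterns from step 7 (with the dots in the traversal pattern escaped) and the PHPSESSID check against constructed request lines using grep. The function names are hypothetical, and it assumes the lines are already URL-decoded and that matching is case-insensitive.

```shell
#!/bin/sh
# Added example, not from the original guide: replay the guide's SecFilter
# patterns against request lines with grep -E -i before relying on "deny".
# Assumption: lines are already URL-decoded and matching is
# case-insensitive; mod_security does its own normalisation at run time.

# Patterns from the SecFilter rules in step 7, one per line (dots escaped).
FILTERS='\.\./
delete[[:space:]]+from
insert[[:space:]]+into
select.+from'

# Print the first pattern that matches request line $1, or "pass".
first_match() {
    fm_hit=$(printf '%s\n' "$FILTERS" | while IFS= read -r fm_pat; do
        if printf '%s\n' "$1" | grep -Eiq -- "$fm_pat"; then
            printf '%s\n' "$fm_pat"
            break
        fi
    done)
    printf '%s\n' "${fm_hit:-pass}"
}

# Mirror of: SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
# The leading "!" negates the match, so the rule fires when the value
# contains anything other than letters and digits.
sessid_blocked() {
    if printf '%s\n' "$1" | grep -Eiq '^[0-9a-z]*$'; then
        echo no
    else
        echo yes
    fi
}

# Read request lines on stdin and report each one that would be denied.
report() {
    while IFS= read -r rp_line; do
        rp_hit=$(first_match "$rp_line")
        [ "$rp_hit" = pass ] || printf '%s\t%s\n' "$rp_hit" "$rp_line"
    done
}

# Constructed sample lines (decoded form); the second is an ordinary request.
report <<'EOF'
GET /view.php?file=../../notes.txt HTTP/1.0
GET /shop.php?note=please select a gift from the list HTTP/1.0
GET /index.php?page=2 HTTP/1.0
EOF
```

The second sample line is harmless but still matches "select.+from", which is the kind of false positive the "very crude" comment in the config refers to.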
