HowTo: Mod_Security Installation on Linux/Plesk server

Posted by Jason Web Hosting Monday 17 November 2008 9:37 pm

The following is a step-by-step guide on “How to install Mod_security2 on a Linux/Plesk server”, which is used to help secure your server against Apache exploits.

First download and extract mod_security
cd /etc/httpd/
wget http://www.modsecurity.org/download/modsecurity-apache_2.5.7.tar.gz
tar -zxf modsecurity-apache_2.5.7.tar.gz
cd modsecurity-apache_2.5.7/apache2

Next, compile mod_security as a module using apxs. BTW, APXS is an Apache tool for building Apache modules.
apxs -cia mod_security2.c

You may realise you don’t have apxs on your server; in that case you will have to install the httpd-devel package using yum.
yum install httpd-devel

Once mod_security2 is installed, make sure you have the ‘LoadModule’ line in your Apache configuration (httpd.conf) file and the module “mod_security2.so” itself under the ‘modules’ directory.

LoadModule security2_module modules/mod_security2.so

Now, create a modsecurity configuration file named modsecurity.conf under the /etc/httpd/conf.d/ directory, since every *.conf file in the conf.d directory gets loaded. Below is the sample configuration file you may use:

# ModSecurity 2.x directive names (mod_security2 does not accept the 1.x SecFilter* directives)
# 2.x has no DynamicOnly mode; DetectionOnly logs matches without blocking
#SecRuleEngine DetectionOnly
SecRuleEngine On
SecDefaultAction "phase:2,deny,log,status:500"
SecRequestBodyAccess On
SecCookieFormat 1
# URL-encoding and Unicode checks are rule operators in 2.x (@validateUrlEncoding, @validateUtf8Encoding), not directives
# SecFilterCheckCookieFormat, SecFilterNormalizeCookies and SecServerResponseToken have no 2.x directive

#If you want to scan the output, uncomment these
#SecResponseBodyAccess On
#SecResponseBodyMimeType (null) text/html text/plain

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog /var/log/modsecurity/audit_log

# You normally won’t need debug logging
SecDebugLogLevel 0
SecDebugLog /var/log/modsecurity/modsec_debug_log

#Include the sample rule files, you just downloaded
Include /etc/httpd/conf.d/apache2-rules.conf*
Include /etc/httpd/conf.d/badips.conf*
Include /etc/httpd/conf.d/blacklist.conf*
Include /etc/httpd/conf.d/blacklist2.conf*
Include /etc/httpd/conf.d/proxy.conf*
Include /etc/httpd/conf.d/rootkits.conf*
Include /etc/httpd/conf.d/rules.conf*

Download the sample rules from
wget http://hostanswers.net/modsecurity/sample_mod_rules.tar.gz

Please note: These are just the default rules that come with Mod_security2 and you need to modify them as per your needs.

At the end, make sure you create a modsecurity directory and ‘audit_log’ file and restart apache.
mkdir /var/log/modsecurity
touch /var/log/modsecurity/audit_log
service httpd restart

If you have problems accessing websites, look at the error log at
/etc/httpd/logs/audit_log
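
When a site stops loading after the rules go live, the audit log shows which rule fired. The following is an added example, not part of the original post: a Python parser for the ModSecurity 2.x serial audit log layout that counts denials per rule file and line. The sample entries, addresses and rule line numbers are constructed, and the function names are assumptions.

```python
import re
from collections import Counter

BOUNDARY = re.compile(r"^--([0-9a-f]{8})-([A-Z])--$")  # section marker
TAG = re.compile(r'\[(\w+) "([^"]*)"\]')  # [file "..."] [line "..."] [msg "..."]
# Constructed, abbreviated sample in the serial audit log layout (not real traffic).
SAMPLE = '''--4b2a1c7e-A--
[17/Nov/2008:21:40:02 +0000] SSGq2n8AAAEAAB1xAZ0AAAAB 192.0.2.10 51234 198.51.100.5 80
--4b2a1c7e-B--
POST /contact.php HTTP/1.1

--4b2a1c7e-H--
Message: Access denied with code 500 (phase 2). Pattern match "select.+from" at ARGS:comment. [file "/etc/httpd/conf.d/rules.conf"] [line "42"] [msg "SQL keyword"]

--4b2a1c7e-Z--
--9f03d5aa-A--
[17/Nov/2008:21:41:10 +0000] SSGrHn8AAAEAAB1yBa4AAAAC 192.0.2.77 40110 198.51.100.5 80
--9f03d5aa-B--
GET /index.php?id=1 HTTP/1.1
--9f03d5aa-H--
Message: Warning. Pattern match "wget" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/conf.d/blacklist.conf"] [line "7"]
--9f03d5aa-Z--
'''

def parse_audit_log(text):
    """Return one dict per transaction: client IP, request line, rule messages."""
    entries, cur, section = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section = m.group(2)
            if section == "A":  # A opens a transaction
                cur = {"client": None, "request": None, "messages": []}
            elif section == "Z" and cur is not None:  # Z closes it
                entries.append(cur)
                cur = None
        elif cur is None or not line.strip():
            continue  # text outside a transaction, or a blank separator
        elif section == "A" and cur["client"] is None:
            cur["client"] = line.split("] ", 1)[1].split()[1]  # after timestamp and unique id
        elif section == "B" and cur["request"] is None:
            cur["request"] = line  # first line of the request headers
        elif section == "H" and line.startswith("Message: "):
            cur["messages"].append(dict(TAG.findall(line), denied="Access denied" in line))
    return entries

def blocking_rules(entries):
    """Count denials per (rule file, line) so a rule blocking real users stands out."""
    hits = (m for e in entries for m in e["messages"] if m["denied"])
    return Counter((m.get("file"), m.get("line")) for m in hits)
```

Pass the contents of your own audit log to parse_audit_log() in place of SAMPLE; the rule file and line that blocking_rules() reports most often is the first candidate to adjust for your sites.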

Just FYI, if you wish to disable mod_security, just comment out the modsecurity ‘LoadModule’ line in your Apache configuration file and restart apache.
