How To Install mod_security on CentOS

Last updated on July 12th, 2024 at 04:50 am

Website administrators have to protect their sites from malicious attackers and bots all the time. Otherwise, attackers can gain unauthorized access to site content and harm it. mod_security is a popular web application firewall that improves website security and protects against malicious attacks. If your website runs on a popular server such as Apache, NGINX or IIS, it is advisable to set up mod_security. In this article, we will look at how to install mod_security on CentOS.

What is mod_security

mod_security, also called modsec, is a web application firewall that offers real-time monitoring, logging and filtering based on user-defined rules. It was initially built as an Apache module but has grown to support NGINX and IIS as well. It is free, open-source and widely used by sites running the Apache server. It mainly uses regular expressions and a set of rules called SecRules to catch and deal with common exploits and vulnerabilities.

Benefits of mod_security

mod_security provides many useful features, such as:

  1. Easy-to-configure firewall rules
  2. Filtering of requests and responses across a wide range of platforms, including Apache, IIS and NGINX
  3. Real-time filtering, logging and monitoring
  4. Can be configured within the web server or as a proxy server
  5. Ability to drop, pass, return or redirect requests, or even run a script, based on user-defined rules
  6. Maintained for more than 20 years, so it is robust and stable and has a wide user base

How To Install mod_security on CentOS

Here are the steps to install mod_security on CentOS.

1. Update System

Open a terminal and run the following commands to update your system to the latest packages.

# yum clean all
# yum -y update

2. Install mod_security Dependencies

Before we install mod_security, we need to install a few packages that it depends upon. Run the following command to install the mod_security dependencies:

# yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel git

3. Download & Install mod_security

We will download and install mod_security from source code. Run the following commands to download the source file. Replace 2.9.3 with the version number of your choice.

# wget https://www.modsecurity.org/tarball/2.9.3/modsecurity-2.9.3.tar.gz
# tar xzf modsecurity-2.9.3.tar.gz
# cd modsecurity-2.9.3
# ./configure
# make install
# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
# cp unicode.mapping /etc/httpd/conf.d/

In the above commands, we use the wget command to download the file. Then we use the tar command to extract it into a directory. Lastly, we build and install the package.

mod_security ships with a config file template called modsecurity.conf-recommended. After the package is installed, we copy its config file to /etc/httpd/conf.d/modsecurity.conf. This will be the file we will modify to control mod_security’s settings.

4. Enable mod_security

Create a backup of the Apache config file.

# sudo cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd-backup.conf

Open the Apache configuration file in a text editor.

# sudo vi /etc/httpd/conf/httpd.conf

Enable mod_security by uncommenting the following line, that is, by removing the # at its beginning. Change

#LoadModule security2_module modules/mod_security2.so

to

LoadModule security2_module modules/mod_security2.so

The above change will enable mod_security as a module in Apache server. Also add the following lines at the end of the file. This will point Apache to mod_security’s config file.

<IfModule security2_module>
   Include conf.d/modsecurity.conf
</IfModule>

5. Configure mod_security

It can be tedious to set up firewall rules from scratch. mod_security provides a set of pre-defined firewall rules to help you get started. You can easily set up the core mod_security rules by downloading and installing the Open Web Application Security Project (OWASP) rule set.

# cd /etc/httpd
# git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
# mv owasp-modsecurity-crs modsecurity-crs
# cd modsecurity-crs
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Open the Apache configuration file.

# sudo vi /etc/httpd/conf/httpd.conf

Add the following lines at its end.

Include modsecurity-crs/modsecurity_crs_10_config.conf
Include modsecurity-crs/base_rules/*.conf

If you want to learn more about how to customize mod_security rules, refer to this documentation. mod_security is very flexible and allows you to set up rules for one or more domains, IP addresses, networks, applications or even URLs. In fact, the latest version of mod_security even allows you to configure rules via the .htaccess file, without the need to modify the config files of Apache or mod_security.

6. Restart Apache Web Server

Restart the Apache web server to apply the changes.

# systemctl restart httpd
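
One way to check the result of steps 3 to 5 before relying on the firewall, as an added example that is not part of the original article: it confirms that the LoadModule line is uncommented and the three Include lines are present, and reports the SecRuleEngine mode (the modsecurity.conf-recommended template sets DetectionOnly, which logs matches without blocking them). The function names and the sample files are constructed for illustration; on a real host, pass /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/modsecurity.conf.

```shell
#!/bin/sh
# Added example: post-install audit of the files edited in steps 3-5.
# Function names and the sample files below are constructed for illustration.

# Print the effective SecRuleEngine mode, lowercased (last directive wins).
modsec_engine_mode() {
    awk 'tolower($1) == "secruleengine" { mode = tolower($2) }
         END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Succeed only if the LoadModule line from step 4 is uncommented.
modsec_module_loaded() {
    grep -Eq '^[[:space:]]*LoadModule[[:space:]]+security2_module[[:space:]]' "$1"
}

# Print every Include from steps 4 and 5 that has no uncommented line.
modsec_missing_includes() {
    for inc in 'conf.d/modsecurity.conf' \
               'modsecurity-crs/modsecurity_crs_10_config.conf' \
               'modsecurity-crs/base_rules/*.conf'; do
        awk -v inc="$inc" '$1 == "Include" && $2 == inc { found = 1 }
                           END { exit !found }' "$1" || echo "$inc"
    done
}

# usage: modsec_audit HTTPD_CONF MODSEC_CONF; returns non-zero on any finding
modsec_audit() {
    status=0
    modsec_module_loaded "$1" || { echo "FAIL: security2_module not loaded"; status=1; }
    missing=$(modsec_missing_includes "$1")
    [ -z "$missing" ] || { echo "FAIL: missing Include: $missing"; status=1; }
    mode=$(modsec_engine_mode "$2")
    [ "$mode" = "on" ] || { echo "WARN: SecRuleEngine is $mode, nothing is blocked"; status=1; }
    return "$status"
}

# Constructed sample: module still commented out, one CRS Include forgotten.
demo=$(mktemp -d)
cat > "$demo/httpd.conf" <<'EOF'
#LoadModule security2_module modules/mod_security2.so
<IfModule security2_module>
   Include conf.d/modsecurity.conf
</IfModule>
Include modsecurity-crs/modsecurity_crs_10_config.conf
EOF
echo 'SecRuleEngine DetectionOnly' > "$demo/modsecurity.conf"
modsec_audit "$demo/httpd.conf" "$demo/modsecurity.conf" || echo "audit: fix the findings above"
```

On the server itself, `httpd -t` checks the configuration syntax before the restart and `httpd -M` lists the modules Apache actually loaded.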

Conclusion

In this article, we have learnt how to install mod_security on CentOS. You can also use these steps on similar Linux distributions such as RHEL, Fedora and SUSE. It is important to set up some kind of firewall for your website in today’s world, to protect it from malicious attackers and bots. There are many free and paid services available for this purpose. Among them, mod_security is one of the most popular firewall applications and is easy to set up and use. It plays well with Apache, IIS and NGINX, which are used by most websites and apps these days.
