mod_security is a powerful firewall application for Apache web server to protect your website from malicious threats. It also supports logging, monitoring and filtering requests for Apache server. Here’s how to install Apache mod_security in Ubuntu.
How to Install Apache mod_security in Ubuntu
Here are the steps to install Apache mod_security in Ubuntu.
1. Install Apache mod_security in Ubuntu
Open terminal and run the following command to install Apache mod_security in Ubuntu
$ sudo apt-get install libapache2-mod-security2
Bonus Read : How to Install SSL Certificate on Apache Windows
2. Configure mod_security in Apache
mod_security needs certain configuration rules to work. They determine what mod_security should pass, drop, execute, redirect, or even log during each session.
mod_security comes with a default configuration file located at /etc/modsecurity/modsecurity.conf-recommended
Copy it to etc/modsecurity/modsecurity.conf to enable & configure mod_security
$ sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Open mod_security.conf in a text editor
$ sudo vi /etc/modsecurity/modsecurity.conf
Change the value of SecRuleEngine from DetectionOnly to On
$ SecRuleEngine = on
Save & Close the file
Bonus Read : How to Generate CSR for SSL Certificate in Linux
3. Restart Apache Server
Restart Apache web server to apply changes
$ sudo systemctl restart apache2
Bonus Read : How to Redirect non-www to www in Apache htaccess
That’s it! Now you can also install and configure Apache mod_security in Ubuntu.