ModSecurity (also known as ModSec) is an open-source web application firewall (WAF). Initially developed as an Apache module, it is now a full-fledged WAF that also supports Nginx and IIS. ModSec was developed to protect against many common attacks, including XSS, code injection, etc. Although it works with Nginx and other web servers, it works even better with Apache, and that is why most run it with Apache. ModSecurity can act as an extra security layer, detecting and preventing attacks before they reach the web application. Below is how to install ModSec on Ubuntu Linux.
How to install ModSec with Apache on Ubuntu Linux
As described above, ModSec is an open-source web application firewall (WAF). Initially developed as an Apache module, it is now a full-fledged WAF that also supports Nginx and IIS. Below is how to install it with the Apache HTTP server.
Install ModSecurity and Apache
The ModSec module is available in Ubuntu's default repositories. All you need to do is run the commands below to install it with Apache. To check that ModSec is installed, run the commands below. The command above should output the line below. If the module is not enabled, you can enable it by running the commands below.
Configure ModSecurity
When you install ModSec, its default rules are set to log suspicious activity only and not take any action. You will have to edit its configuration if you want it to take preventive action. By default, the configuration file is at /etc/modsecurity/modsecurity.conf-recommended. To configure your environment based on that file, copy it and rename the copy to modsecurity.conf. Next, run the commands below to open the newly created config file. Change the highlighted lines in the file from DetectionOnly to On. Save and exit, then restart Apache.
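The copy-and-edit step above can be scripted and checked afterwards. The following is an added example, not part of the original article: it assumes GNU sed and that the DetectionOnly/On value is set by the `SecRuleEngine` directive, and the function names `modsec_engine_mode` and `modsec_enable_blocking` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the article). Function names are hypothetical.
# Assumes GNU sed and that the mode is set by the SecRuleEngine directive.

# Print the mode of the last active (uncommented) SecRuleEngine line,
# or "unset" when the file has none. Assumes a later line overrides an earlier one.
modsec_engine_mode() {
    local conf="$1" mode
    mode=$(awk 'tolower($1) == "secruleengine" { m = $2 } END { print m }' "$conf")
    echo "${mode:-unset}"
}

# Create the live config from the recommended file (or back up an existing
# live config), switch DetectionOnly to On, and verify the result.
modsec_enable_blocking() {
    local src="$1" dst="$2"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    if [ -e "$dst" ]; then
        cp -p "$dst" "$dst.bak" || return 1    # rollback copy of existing config
    else
        cp -p "$src" "$dst" || return 1
    fi
    # Touch only active directives; commented documentation lines stay as-is.
    sed -i -E \
      's/^([[:space:]]*SecRuleEngine[[:space:]]+)DetectionOnly([[:space:]]*)$/\1On\2/I' \
      "$dst" || return 1
    # Fail loudly if the engine is still not blocking (e.g. it was set to Off).
    [ "$(modsec_engine_mode "$dst")" = "On" ]
}

# Demo on a constructed sample file, only when run with --demo.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    printf '%s\n' '# SecRuleEngine On' 'SecRuleEngine DetectionOnly' \
        > "$tmp/modsecurity.conf-recommended"
    modsec_enable_blocking "$tmp/modsecurity.conf-recommended" "$tmp/modsecurity.conf"
    echo "mode is now: $(modsec_engine_mode "$tmp/modsecurity.conf")"
    rm -rf "$tmp"
fi
```

On a real host, the two arguments would be /etc/modsecurity/modsecurity.conf-recommended and /etc/modsecurity/modsecurity.conf, run as root and followed by the Apache restart described above.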
Add OWASP ModSecurity rules
The OWASP CRS ModSec file contains recommended security settings for most environments. You can use it in yours to protect your apps. Clone the latest OWASP CRS from GitHub to the /usr/share/ directory by running the commands below. Next, rename the example file to crs-setup.conf. Next, run the commands below to open the ModSec security configuration file. Then edit the highlighted lines to enable the OWASP rules we downloaded above. Save and exit. Restart Apache and you're good to go. To test that ModSec is running, run the commands below. You should get an output message similar to the one below:
That should do it!
Conclusion
This post showed you how to install and use ModSecurity with Apache on Ubuntu Linux. If you find any error above or have something to add, please use the comment form below.