Apache2 Mod Security

These notes relate to configuration with Debian 6 (Squeeze).

Installing

# apt-get install libapache-mod-security
# mkdir /etc/apache2/mod-security
# chmod 700 /etc/apache2/mod-security
# cp /usr/share/doc/libapache-mod-security/examples/rules/modsecurity_crs_10_config.conf \
#    /etc/apache2/mod-security/
# cp /usr/share/doc/libapache-mod-security/examples/modsecurity.conf-minimal \
#    /etc/apache2/conf.d/mod-security.conf
# ln -s /var/log/apache2 /etc/apache2/logs

Configuring

Wrap the contents of /etc/apache2/conf.d/mod-security.conf inside a \\ directive.

Add SecDataDir /var/local/apache2/data near the begining of the configuration file and Include /etc/apache2/mod-security/ to the end of the file.

Create the data directory:

# mkdir -p /var/local/apache2/data
# chmod 750 /var/local/apache2/data
# chown www-data.www-data /var/local/apache2/data

Copy any other desired rules from the examples directory to /etc/apache2/mod-security/

Debian 8 (Jessie)

Install the following packages:

  • libapache2-mod-security2
  • modsecurity-crs

The latter package contains the Core Rule Set for Mod Security that was previously distributed as examples.

Read the instructions in /usr/share/doc/modsecurity-crs/README.Debian.

References

-- Frank Dean - 04-Jun-2012

Related Topics: ApacheHints