Configuration Of Mod Security in Apache Web Server
Configuration of Mod Security is a module which provides the Web Application Firewall for your Apache server against the outside attack.
It also act as Intrusion detection tool which allowing you to reach to suspicious events which are happening on your server.
It also allows you to monitor real time HTTP traffic.
Install the Package
yum install mod_security -y
If you do not find this package in yum repository, You can add epel-repo to install this package.
Link to download Epel Repo for Redhat 7 Download
Link to download Epel Repo for Redhat 6Download
Check Out : Hide Apache Server Name
Check module already loaded or not.
httpd -M | grep sec
Output: security2_module (shared)
Check Out : Redirect One Domain To Another Domain
File Location /etc/httpd/conf.d/mod_security.conf
Now configure with desired value :
1. On – rules activated
2. Off – rules deactivated
3. DetectionOnly – only intercepts and logs transactions
The default setting will be SecRuleEngine DetectionOnly
Changed to SecRuleEngine On
You may also setup some other parameter according to your need.
Keeping This “ SecRequestBodyAccess Off “ when you need to be kept is “ On “ when the data leakage detection and protection is required otherwise it will use server resources and increase the log size.
You can also limit the maximum data that can be posted to your web application according to your need.
These are the default values defined in mod_security.conf file
After all these settings, Restart the Apache service
systemctl restart httpd