Configuration of Mod Security is a module that provides the Web Application Firewall for your Apache server against the outside attack. We can install mod security and create rules in an apache server.
Configuration of Mod Security in Apache Web Server:
It also acts as an Intrusion detection tool which allows you to reach suspicious events that are happening on your server.
It also allows you to monitor real-time HTTP traffic.
Install the Package
yum install mod_security -y
If you do not find this package in the yum repository, You can add epel-repo to install this package.
Check Out: Hide Apache Server Name
Check the module already loaded or not.
httpd -M | grep sec
Output: security2_module (shared)
Check Out: Redirect One Domain To Another Domain
File Location /etc/httpd/conf.d/mod_security.conf
Now configure with desired value :
1. On – rules activated
2. Off – rules deactivated
3. DetectionOnly – only intercepts and logs transactions
The default setting will be SecRuleEngine DetectionOnly
Changed to SecRuleEngine On
You may also set up some other parameters according to your needs.
Keeping This “SecRequestBodyAccess Off“ when you need to be kept is “On“ when the data leakage detection and protection are required otherwise it will use server resources and increase the log size.
You can also limit the maximum data that can be posted to your web application according to your needs.
These are the default values defined in mod_security.conf file
SecRequestBodyLimit 13107200 SecRequestBodyNoFilesLimit 131072 SecRequestBodyInMemoryLimit 131072
After all, these settings, Restart the Apache service
systemctl restart httpd
That’s it. mod security rules mod install