Configuration of Mod Security in Apache Web Server

Configuration of Mod Security is a module that provides the Web Application Firewall for your Apache server against the outside attack. We can install mod security and create rules in an apache server.

Configuration of Mod Security in Apache Web Server:

It also acts as an Intrusion detection tool which allows you to reach suspicious events that are happening on your server.

Check Out: How To Install Node.js And NPM On Ubuntu 19.10

It also allows you to monitor real-time HTTP traffic.

Install the Package

yum install mod_security -y

If you do not find this package in the yum repository, You can add epel-repo to install this package.

Link to download Epel Repo for Redhat 7 Download and Redhat 6 Download

Check Out: Hide Apache Server Name

Check the module already loaded or not.

httpd -M | grep sec

Output: security2_module (shared)

Check Out: Redirect One Domain To Another Domain

File Location /etc/httpd/conf.d/mod_security.conf

Now configure with desired value :

1. On – rules activated

2. Off – rules deactivated

3. DetectionOnly – only intercepts and logs transactions

The default setting will be SecRuleEngine DetectionOnly

Changed to SecRuleEngine On

You may also set up some other parameters according to your needs.

Check Out: Apache “Test a Web Page Using Name-Based Virtual Hosting

Keeping This “SecRequestBodyAccess Off“ when you need to be kept is “On“ when the data leakage detection and protection are required otherwise it will use server resources and increase the log size.

You can also limit the maximum data that can be posted to your web application according to your needs.

These are the default values defined in mod_security.conf file

SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecRequestBodyInMemoryLimit 131072

After all, these settings, Restart the Apache service

systemctl restart httpd

That’s it. mod security rules mod install

Share on:

I'm the founder of Curious Viral. I hope this blog will provide you complete information about Linux Technology & I would like to share my technical knowledge with you which I have learned during this period.

Other Posts You May Like...

Leave a comment