CONFIGURE MOD_SECURITY 2 ON LINUX SERVER

ModSecurity is a web application firewall that can run either embedded in the web server or as a reverse proxy. It protects web applications against a wide range of attacks and allows HTTP traffic monitoring, logging and real-time analysis.

If you want to disable ModSecurity, see our article "Disable mod security for a single domain in cPanel".

Follow these steps to install mod_security on your server.

Log in to the server as root.

Go to directory /etc.

cd /etc

Download the file modsec2_rules.tar.gz.

Uncompress the file.

tar -xzvf modsec2_rules.tar.gz

Edit the modsec2.conf file.

vi /usr/local/apache/conf/modsec2.conf

Now copy and paste the following rules into your modsec2.conf file.

<IfModule mod_security2.c>
SecRuleEngine On
# "Add the rules that will do exactly the same as the directives"
# SecFilterCheckURLEncoding On
# SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug_log
SecDebugLogLevel 0
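SecDefaultAction "phase:2,deny,log,status:406"
# Skip inspection for requests from the local host. ModSecurity 2.7 and later
# require a unique id on every rule; 1000 is a locally chosen value, pick one
# that the included rule files do not use.
SecRule REMOTE_ADDR "^127\.0\.0\.1$" "id:1000,nolog,allow"
Include "/usr/local/apache/conf/modsec2.user.conf"

SecServerSignature "Rules Powered By HyperOIS.com"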

#First, add in your exclusion rules:
#These MUST come first!
Include /etc/modsecurity/exclude.conf

#Application protection rules
Include /etc/modsecurity/rules.conf

#Just in Time Patches for Vulnerable Applications
Include /etc/modsecurity/jitp.conf

#Comment spam rules
Include /etc/modsecurity/blacklist.conf

#Bad hosts, bad proxies and other bad players
Include /etc/modsecurity/blacklist2.conf

#Bad clients, known bogus useragents and other signs of malware
Include /etc/modsecurity/useragents.conf

#Known bad software, rootkits and other malware
Include /etc/modsecurity/rootkits.conf

#Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
Include /etc/modsecurity/apache2-rules.conf
</IfModule>

Save and exit the file.
Restart the Apache service.

service httpd restart
or
/etc/init.d/httpd restart
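
Rules pasted from a web page often arrive with typographic quotes or a lost closing quote, and a missing Include file stops httpd from starting. The following check is an added example, not part of the original article; the function name check_modsec_conf is hypothetical, and it assumes absolute Include paths without spaces or wildcards.

```shell
# Added example: lint a pasted modsec2.conf before restarting Apache.
# Returns 0 if clean, 1 if a problem was found, 2 if the file is unreadable.
check_modsec_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # 1. Curly quotes (U+2018, U+2019, U+201C, U+201D as UTF-8 bytes) are not
    #    quote characters to Apache, so quoted arguments are parsed wrongly.
    curly=$(printf '\342\200\230|\342\200\231|\342\200\234|\342\200\235')
    if LC_ALL=C grep -En "$curly" "$conf" >&2; then
        echo "error: typographic quotes found on the lines above" >&2
        rc=1
    fi

    # 2. An odd number of plain double quotes on a directive line means a
    #    quote was lost. Escaped \" inside a rule argument is not counted.
    if ! awk '!/^[ \t]*#/ {
                 line = $0; gsub(/\\"/, "", line)
                 if (gsub(/"/, "", line) % 2) {
                     printf "%d: unbalanced quote: %s\n", NR, $0; bad = 1
                 }
             }
             END { exit bad }' "$conf" >&2; then
        rc=1
    fi

    # 3. Every absolute Include target must be readable.
    includes=$(awk 'tolower($1) == "include" { gsub(/"/, "", $2); print $2 }' "$conf")
    while read -r inc; do
        [ -n "$inc" ] || continue
        case $inc in
            /*) [ -r "$inc" ] || { echo "error: missing Include $inc" >&2; rc=1; } ;;
            *)  echo "note: relative Include $inc not checked" >&2 ;;
        esac
    done <<EOF
$includes
EOF

    return $rc
}
```

Call it as check_modsec_conf /usr/local/apache/conf/modsec2.conf, then run apachectl configtest before restarting the service.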