ModSecurity is a web application firewall that can run either embedded in the web server or as a reverse proxy. It provides protection from a wide range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
If you want to disable ModSecurity, you can check our article on disabling mod_security for a single domain in cPanel.
Follow these steps to install mod_security on your server.
Login to the server as root.
Go to directory /etc.
cd /etc
Download the file modsec2_rules.tar.gz.
Uncompress the file.
tar -xzvf modsec2_rules.tar.gz
Edit the modsec2.conf file.
vi /usr/local/apache/conf/modsec2.conf
Now copy and paste the following rules into your modsec2.conf file.
<IfModule mod_security2.c>
    SecRuleEngine On
    # "Add the rules that will do exactly the same as the directives"
    # SecFilterCheckURLEncoding On
    # SecFilterForceByteRange 0 255
    SecAuditEngine RelevantOnly
    SecAuditLog logs/modsec_audit.log
    SecDebugLog logs/modsec_debug_log
    SecDebugLogLevel 0
    SecDefaultAction "phase:2,deny,log,status:406"
    # Skip inspection for requests that originate from the server itself
    SecRule REMOTE_ADDR "^127\.0\.0\.1$" nolog,allow
    Include "/usr/local/apache/conf/modsec2.user.conf"
    SecServerSignature "Rules Powered By HyperOIS.com"
    #First, add in your exclusion rules:
    #These MUST come first!
    Include /etc/modsecurity/exclude.conf
    #Application protection rules
    Include /etc/modsecurity/rules.conf
    #Just in Time Patches for Vulnerable Applications
    Include /etc/modsecurity/jitp.conf
    #Comment spam rules
    Include /etc/modsecurity/blacklist.conf
    #Bad hosts, bad proxies and other bad players
    Include /etc/modsecurity/blacklist2.conf
    #Bad clients, known bogus useragents and other signs of malware
    Include /etc/modsecurity/useragents.conf
    #Known bad software, rootkits and other malware
    Include /etc/modsecurity/rootkits.conf
    #Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
    Include /etc/modsecurity/apache2-rules.conf
</IfModule>
Save and exit the file.
Restart the Apache service with either of the following commands.
service httpd restart
or
/etc/init.d/httpd restart
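Apache refuses to start when a file named by an Include line cannot be opened, so it is worth checking the paths in modsec2.conf before the restart. The following is an added example, not part of the original article: a shell function that prints every Include target that does not exist. The function name missing_includes and the default ServerRoot /usr/local/apache are assumptions, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the original article).
# missing_includes CONF [SERVER_ROOT]
# Prints each Include target in CONF that is not present on disk.
# SERVER_ROOT defaults to /usr/local/apache (assumed cPanel layout) and is
# used to resolve relative Include paths, as Apache does with ServerRoot.
missing_includes() {
    conf=$1
    root=${2:-/usr/local/apache}
    # Keep the first argument of every uncommented Include line, then
    # drop the optional double quotes around it.
    sed -n 's/^[[:space:]]*Include[[:space:]]\{1,\}\([^[:space:]]*\).*$/\1/p' "$conf" |
    tr -d '"' |
    while IFS= read -r path; do
        case $path in
            /*) ;;                    # absolute path, use as written
            *)  path=$root/$path ;;   # relative path, resolve against ServerRoot
        esac
        found=0
        # Unquoted on purpose: the shell expands wildcard Includes (*.conf).
        for f in $path; do
            if [ -e "$f" ]; then
                found=1
            fi
        done
        if [ "$found" -eq 0 ]; then
            printf '%s\n' "$path"
        fi
    done
}

# When run as a script, check the file given on the command line.
if [ "$#" -gt 0 ]; then
    missing_includes "$@"
fi
```

Run it against /usr/local/apache/conf/modsec2.conf; no output means every Include target exists, and apachectl configtest can then validate the syntax before the restart.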