I know many of you out there are saying “mod_security’s been around forever and you’re just reading about it now?”
The truth is that I’ve heard of it, but hadn’t had both the time and the reminder to implement it until now.
The module provides Apache with application-level firewalling, protecting it from all manner of web attacks.
It’s relatively easy to use these days.
Download it from: http://www.modsecurity.org/download/index.html
Install it as per the README
Then you have to do some stuff that’s not in the docs I found, hence I’m writing this blog post.
Edit /etc/httpd/conf/httpd.conf
Put the following directives in:
LoadFile /usr/lib/libxml2.so LoadModule unique_id_module modules/mod_unique_id.so LoadModule security2_module modules/mod_security2.so
That mod_unique_id isn’t mentioned in the directions. Ergh!
Also, make sure you download the rules too.
You unzip/tar them into your /etc/httpd/conf.d
directory (or make your own modsecurity directory and tell Apache to Include it).
Restart Apache.
Now you’ve got an application-level firewall on your web server. It took less than half an hour. Most of that was reading docs.