Apache mod-security installation on Debian 6.0 (squeeze)
Install the apache mod-security 2 module with apt from the Debian repositories
apt-get install libapache-mod-security
Create the folder for the mod-security configuration files
mkdir /etc/apache2/mod-security
chmod 600 /etc/apache2/mod-security
Download and unpack the mod-security rules
cd /tmp
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz
tar fvx modsecurity-core-rules_2.5-1.6.1.tar.gz
mv *.conf /etc/apache2/mod-security/
ln -s /var/log/apache2 /etc/apache2/logs
Configure Apache to load the activated mod-security rules: create the following file and add the Include line to it
vi /etc/apache2/conf.d/mod-security.conf
Include /etc/apache2/mod-security/*.conf
To enable mod-security, edit the file
vi /etc/apache2/mod-security/modsecurity_crs_10_config.conf
and remove the # in front of the line:
SecDefaultAction "phase:2,log,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace"
Then reload apache.
/etc/init.d/apache2 force-reload
mod-security will now start blocking hack attempts against your websites and log its actions to the file /var/log/apache2/modsec_audit.log.
tail /var/log/apache2/modsec_audit.log
You will very likely see some falsely blocked URLs. To whitelist them, add the IDs of the rules that should not be used to the whitelist file.
Example:
vi /etc/apache2/mod-security/modsecurity_crs_99_whitelist.conf
SecRuleRemoveById 960015
SecRuleRemoveById 960016
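The log review described above, as an added example that is not from the original article: this Python script reads a ModSecurity 2.x audit log, counts which rule IDs actually denied requests and for which URLs, and prints candidate SecRuleRemoveById lines for review. It assumes the serial (single-file) audit log with sections A, B, H and Z enabled; the sample log entries and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: serial audit log, sections delimited by lines like --3f2a1b0c-H--
BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")
RULE_ID = re.compile(r'\[id "(\d+)"\]')

def blocked_rules(log_text):
    """Map rule ID -> {"hits": n, "uris": set} for requests ModSecurity denied."""
    stats = defaultdict(lambda: {"hits": 0, "uris": set()})
    section, uri, ids = None, None, set()
    for line in log_text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section = m.group(2)
            if section == "A":                 # audit header: new transaction
                uri, ids = None, set()
            elif section == "Z":               # end marker: record the transaction
                for rid in ids:
                    stats[rid]["hits"] += 1
                    stats[rid]["uris"].add(uri or "-")
            continue
        if section == "B" and uri is None and line.strip():
            parts = line.split()               # request line: METHOD URI PROTOCOL
            uri = parts[1] if len(parts) > 1 else line
        elif section == "H" and line.startswith("Message: Access denied"):
            ids.update(RULE_ID.findall(line))  # "Warning." messages did not block
    return dict(stats)

def whitelist_candidates(stats, min_hits=2):
    """Rule IDs that blocked at least min_hits requests, most frequent first."""
    rows = sorted(stats.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return [(rid, s["hits"], sorted(s["uris"])) for rid, s in rows if s["hits"] >= min_hits]

def _txn(n, request, message):
    """Build one constructed audit-log entry (sections A, B, H, Z)."""
    b = "--%08x" % n
    return "\n".join([b + "-A--", "[12/Mar/2012:10:15:02 +0100] txn%d 192.0.2.10 51234 192.0.2.1 80" % n,
                      b + "-B--", request, "Host: www.example.com", "",
                      b + "-H--", message, "", b + "-Z--", ""])

DENY = 'Message: Access denied with code 403 (phase 2). [id "%s"] [msg "constructed sample"]'
SAMPLE_LOG = "\n".join([            # constructed sample, not real traffic
    _txn(1, "GET /feed/ HTTP/1.1", DENY % "960015"),
    _txn(2, "GET /api/status HTTP/1.1", DENY % "960015"),
    _txn(3, "POST /upload HTTP/1.1", DENY % "960016"),
    _txn(4, "GET /index.html HTTP/1.1", 'Message: Warning. [id "960016"] [msg "constructed sample"]'),
])

if __name__ == "__main__":
    for rid, hits, uris in whitelist_candidates(blocked_rules(SAMPLE_LOG), min_hits=1):
        print("# %d blocked request(s): %s" % (hits, ", ".join(uris)))
        print("SecRuleRemoveById %s" % rid)
```

To run it against the live log, pass the contents of /var/log/apache2/modsec_audit.log to blocked_rules() instead of SAMPLE_LOG. SecRuleRemoveById disables the rule for every site this Apache serves, so check the listed URLs before copying a line into the whitelist file.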

Great! It helped me so much with Apache, thank you!
I did it, but the problem is not resolved. Is it due to the version of Apache?
TN, is your issue related to %{unique_id}? I must update to mod-secure 2.7.0 to be able to use {unique_id} on a redirect inside the secrule
Thanks a lot dude.
Very useful.
Keep up.
Great work!
Thanks a lot
I am not sure what’s with the downloading of modsecurity-core-rules_2.5-1.6.1, but the link provided in this article does not exist. Plus Debian Squeeze runs chrooted and there is a dependency called mod-security-common that is automatically loaded / installed together with libapache-mod-security. The mod-security-common package places all the files you need (modsecurity-crs) into /usr/share/doc/mod-security-common. Now simply move them around, create symlinks, etc. There is no need to download them twice, first together with apt-get install libapache-mod-security and then a second time from wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz (this link does not exist, as mentioned earlier).
The crucial part here is how to start this “thing” and the place where it says vi /etc/apache2/conf.d/mod-security.conf (the “mod-security.conf” file has to be created manually if not done via vim) in order to put in there Include /etc/apache2/mod-security/*.conf is the most important to understand.
I thought I would clarify a few things as the article is real good.
The download link in the guide works for me and I used it a few days ago on a server successfully. Maybe the server was offline at the time you tried it.