How to install ModSecurity on Apache for CentOS 7

weborissa

ModSecurity Introduction

ModSecurity is a toolkit for real-time web application monitoring, logging, and access control. you can consider it as an enabler, there are no hard rules telling you what to do, instead, it is up to you to choose your own path through the available features. The freedom to choose what to do is an essential part of ModSecurity’s identity and goes very well with its open source nature. With full access to the source code, your freedom to choose extends to the ability to customize and extend the tool itself to make it fit your needs.

Install ModSecurity

yum install mod_security

Verify if the ModSecurity module was loaded with your Apache:

apachectl -M | grep --color sec

You should see a module named “security2_module (shared)” which indicates that the module was loaded.

The installation includes a recommended configuration file which has to be renamed with the command below:

mv /etc/modsecurity/modsecurity.conf{-recommended,}

Restart Apache:

systemctl restart apache2 systemctl restart httpd

Configuring ModSecurity

If you want to add rules or edit some existing rules you should open the “modsecurity.conf” and make changes. Here we are going to point to some common rules and configurations:

vi /etc/modsecurity/modsecurity.conf

Find the following line:

SecRuleEngine DetectionOnly

And change it like below:

SecRuleEngine On

Another directive to modify is “SecResponseBodyAccess” This configures whether response bodies are buffered. This is only necessary if data leakage detection and protection is required. Therefore, leaving it On will use up servers resources and also increase the log file size.

Find the following line:

SecResponseBodyAccess On

And turn it off like below:

SecResponseBodyAccess Off

We also can limit the maximum data that can be posted to your web application:

SecRequestBodyLimit
SecRequestBodyNoFilesLimit

The “SecRequestBodyLimit” specifies the maximum post data size. If anything larger is sent by a client the server will respond with a “413 Request Entity Too Large” error. If your web application doesn’t have any file uploads this value can be greatly reduced.

The default value of the configuration file is:

Click here

Rule-Set Recommendation

You can also use free ModSecurity  rules provided by Cybersecurity companies like Comodo.

Related posts

3 Thoughts to “How to install ModSecurity on Apache for CentOS 7”

  1. Website Design Oakland
    December 5, 2024 at 7:13 pm

    Pretty nice post. I discovered your weblog and wished
    to say just
    that I’ve really enjoyed searching your blog posts.
    In any case
    I’m going to be subscribing to your rss feed (hopefully I can find it)
    and I hope
    you write again very soon!

    Reply
  2. Website Design Oakville
    December 5, 2024 at 8:10 pm

    This is absolutely interesting, You’re an extremely skilled blogger.
    I’ve joined
    your feed and appearance forward to seeking more of your wonderful post.
    Also,
    I’ve distributed your web site in my internet sites!

    Reply
  3. Cont Binance
    March 26, 2025 at 6:46 pm

    Your point of view caught my eye and was very interesting. Thanks. I have a question for you.

    Reply

Leave a Comment