{"id":914,"date":"2018-12-03T05:25:55","date_gmt":"2018-12-03T05:25:55","guid":{"rendered":"http:\/\/orissawebhosting.in\/blog\/?p=914"},"modified":"2019-06-27T12:40:15","modified_gmt":"2019-06-27T12:40:15","slug":"how-to-install-modsecurity-on-apache-for-centos-7","status":"publish","type":"post","link":"https:\/\/orissawebhosting.in\/blog\/how-to-install-modsecurity-on-apache-for-centos-7\/","title":{"rendered":"How to install ModSecurity on Apache for CentOS 7"},"content":{"rendered":"<h4 class=\"entry-title\">ModSecurity\u00a0Introduction<\/h4>\n<p>ModSecurity is a toolkit for real-time web application monitoring, logging, and access control. You can consider it an enabler: there are no hard rules telling you what to do; instead, it is up to you to choose your own path through the available features.\u00a0The freedom to choose what to do is an essential part of ModSecurity\u2019s identity and goes very well with its open source nature. With full access to the source code, your freedom to choose extends to the ability to customize and extend the tool itself to make it fit your needs.<\/p>\n<h4>Install ModSecurity<\/h4>\n<pre><code class=\"prefixed\">yum install mod_security<\/code><\/pre>\n<p>Verify that the ModSecurity module was loaded by Apache:<\/p>\n<pre><code class=\"prefixed\">apachectl\u00a0-M | grep --color sec<\/code><\/pre>\n<p>You should see a module named \u201csecurity2_module (shared)\u201d which indicates that the module was loaded.<\/p>\n<p>The installation includes a recommended configuration file which has to be renamed with the command below:<\/p>\n<pre><code class=\"prefixed\">mv \/etc\/modsecurity\/modsecurity.conf{-recommended,}<\/code><\/pre>\n<p>Restart Apache:<\/p>\n<pre><code class=\"prefixed\">systemctl restart httpd<\/code><\/pre>\n<h4>Configuring ModSecurity<\/h4>\n<p>If you want to add rules or edit existing rules, open \u201cmodsecurity.conf\u201d and make changes. 
Here we are going to point out some common rules and configurations:<\/p>\n<pre><code class=\"prefixed\">vi \/etc\/modsecurity\/modsecurity.conf<\/code><\/pre>\n<p>Find\u00a0the following line:<\/p>\n<pre><code>SecRuleEngine DetectionOnly<\/code><\/pre>\n<p>And change it like below:<\/p>\n<pre><code>SecRuleEngine On<\/code><\/pre>\n<p>Another directive to modify is \u201cSecResponseBodyAccess\u201d. This configures whether response bodies are buffered. This is only necessary if data leakage detection and protection is required. Therefore, leaving it On will use up server resources and also increase the log file size.<\/p>\n<p>Find the following line:<\/p>\n<pre><code>SecResponseBodyAccess On<\/code><\/pre>\n<p>And turn it off like below:<\/p>\n<pre><code>SecResponseBodyAccess Off<\/code><\/pre>\n<p>We can also limit the maximum data that can be posted to your web application:<\/p>\n<pre><code>SecRequestBodyLimit\nSecRequestBodyNoFilesLimit<\/code><\/pre>\n<p>The \u201cSecRequestBodyLimit\u201d directive specifies the maximum POST data size. If anything larger is sent by a client, the server will respond with a \u201c413 Request Entity Too Large\u201d error. If your web application doesn\u2019t have any file uploads, this value can be greatly reduced.<\/p>\n<p>The default value of the configuration file is:<\/p>\n<h4>Rule-Set Recommendation<\/h4>\n<p>You can also use free ModSecurity rules\u00a0provided by cybersecurity companies like\u00a0Comodo.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ModSecurity\u00a0Introduction ModSecurity is a toolkit for real-time web application monitoring, logging, and access control. 
You can consider it an enabler: there are no hard rules telling you what to do; instead, it is up to you to choose your own path through the available features.\u00a0The freedom to choose what to do is an essential part of ModSecurity\u2019s identity and goes very well with its open source nature. With full access to the source code, your freedom to choose extends to the ability to customize and extend the tool itself&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/914"}],"collection":[{"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/comments?post=914"}],"version-history":[{"count":7,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/914\/revisions"}],"predecessor-version":[{"id":952,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/914\/revisions\/952"}],"wp:attachment":[{"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/media?parent=914"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/categories?post=914"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/tags?post=914"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}