How to is for Apache 2.X only.

This HOW-TO is for Apache 2.X only.

1. cd /usr/local/src
2. mkdir modsecurity2
3. cd modsecurity2
4. wget http://www.serverbuddies.com/files/modsecurity-apache_2.5.9.tar.gz
5. perl -pi -e 's/ServerTokens Major/ServerTokens Full/' /etc/httpd/conf/extra/httpd-default.conf
6. perl -pi -e 's/ServerSignature Off/ServerSignature On/' /etc/httpd/conf/extra/httpd-default.conf
7.perl -pi -e 's/ServerSignature EMail/ServerSignature On/' /etc/httpd/conf/extra/httpd-default.conf
8. tar xzf modsecurity-apache_2.5.9.tar.gz
9. cd modsecurity-apache_2.5.9
10.cd apache2
11. ./configure
12.  make
13.  make test
14.  make install

Now we download a pre-defined mod_sec ruleset,

1. mkdir /etc/modsecurity2/ ; cd /etc/modsecurity2/
2. wget http://www.serverbuddies.com/files/modsec.v2.rules.conf

Add the new compiled mod_security module into the apache configuration,

1. vi /etc/httpd/conf/httpd.conf  ( ore use nano )

After:

LoadModule php5_module /usr/lib/apache/libphp5.so

Add:

For 32bit -

1. LoadFile /usr/lib/libxml2.so
2. LoadModule security2_module     /usr/lib/apache/mod_security2.so

For 64bit -

1. LoadFile /usr/lib64/libxml2.so
2. LoadModule security2_module     /usr/lib/apache/mod_security2.so

At the botton of the httpd.conf config file we add the following,

1.  
2.  #ModSecurity2 config file.
3. #
4. Include /etc/modsecurity2/modsec.v2.rules.conf
5.  

Restart the webserver.

1. service httpd restart


Was this article helpful?

mood_bad Dislike 2
mood Like 0
visibility Views: 13234