Jump to content

How to install mod_security

0
  Rich Bowen's Photo Submitted by Rich Bowen O'Reilly Author
Posted Aug 31 2009 05:36 PM

If you want to install the mod_security module to take advantage of its simple and powerful filtering mechanisms, try the following:

  1. Download mod_security and the core rules from http://modsecurity.org/download.

    Tip

    After downloading, you should verify the PGP signature to make sure the file hasn’t been altered. See the mod_security Web site for details.

  2. Unpack the kit (not the rules) into a working directory:

    % cd /usr/local/build

%tar xzf /usr/local/kits/modsecurity-apache_2.1.1

  3. Move into the unpacked directory, and build the package using the supplied Makefile. Specify the value of your ServerRoot on the make command line:

    % cd /usr/local/build/modsecurity-apache_2.1.1/apache2

% make top_dir=/usr/local/apache2

#make top_dir=/usr/local/apache2 install

    Tip

    Unlike many other third-party modules, mod_security needs to be built using its own mechanism rather than a simple invocation of Apache’s apxs tool.

  4. Unpack the core rules into a subdirectory under your ServerRoot:

    # cd /usr/local/apache2/conf

# mkdir mod_security

# cd mod_security

#tar xzf /tmp/modsecurity-core-rules_2.1-1.4.tar.gz

  5. Edit your httpd.conf file to add the following lines in the appropriate places:

    LoadModule security_module modules/mod_security2.so
    Include conf/mod_security/*.conf

  6. Restart your server.

The Makefile included with the mod_security package will do the building of the module and put it in the right place, but activating it in your server is your responsibility. Recent versions of the package include a set of core rules for handling things like blog spam and common attacks, and the rules are also available as a separate tarball, which may or may not be updated more frequently than the ones bundled with the software.

The current version of mod_security only supports version 2 of the Apache Web server. There is an older version that supports the 1.3 versions, but it is unlikely to be maintained for long.

Cover of Apache Cookbook
Learn more about this topic from Apache Cookbook, 2nd Edition. 

The new edition of the Apache Cookbook offers you updated solutions to the problems you're likely to encounter with Apache. Thoroughly updated for Apache versions 2.0 and 2.2, this book includes more than 200 recipes ranging from simple tasks, such installing the server on Red Hat Linux or Windows, to more complex tasks, such as setting up name-based virtual hosts or securing and managing your proxy server.

Learn More Read Now on Safari

Tags:
0 Subscribe


0 Replies
 
Sign up today to receive special discounts,
product alerts, and news from O'Reilly.
Privacy Policy >
View Sample Newsletter >