Install and configure ModSecurity in Apache

1. install LAMP and the compiling environment # Apache 2.2.5 # Mysql 5.1.6 # install apache + php + mysql # yum-y install httpd php mysql-server php-mysql environment # yum install gcc make # yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel start service test # service httpd start # service mysqld start note: iptables is required to allow all IP addresses to access port 80. 2. Install mod_security to download the source code from the official website, compile and install mod_security. // Sourceforge fuck gwf # wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz # Tar xzf modsecurity-apache_2.6.6.tar.gz # cd modsecurity-apache_2.6.6 #. /configure # make install # cp modsecurity. conf-recommended/etc/httpd/conf. d/modsecurity. for conf3 and rule configuration, You need to configure some rules to prevent unknown vulnerabilities and scan. The Modsecurity recommendation rules and OWASP_CRS rules are combined as follows: The Detailed Rules adopt OWASP_CRS: http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz Use Modsecurity recommendation rules to set basic rules: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/modsecurity.conf-recommended Add the content of the Modsecurity recommendation rule file to the front of modsecurity_crs_10_config.conf and change SecRuleEngine DetectionOnly to SecRuleEngine On (because it requires more than detection and defense ). # Cd/etc/httpd/# wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz # Tar xzf modsecurity-crs_2.2.5.tar.gz # mv modsecurity-crs_2.2.5 modsecurity-crs # cd modsecurity-crs # cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf # vi/etc/httpd/modsecurity. d/modsecurity_crs_10_config.conf4. Load the module Apache to load the mod_security module. You must disable apache when modifying the module. # Vi/etc/httpd/conf/httpd. find the LoadModule In the conf file and add the following code: # LoadModule security2_module modules/mod_security2.so # LoadModule unique_id_module modules/mod_unique_id.so and then add the module configuration file? 1234567 & lt; IfModule security2_module & gt; Include/etc/httpd/modsecurity-crs/modsecurity_crs_10_config.conf Include/etc/httpd/modsecurity-crs/base_rules /*. conf & lt;/IfModule & gt; restart apache # service httpd restart5. For function testing, see the appendix. 6. CONCLUSION Through the above installation and testing, we found that modsecurity can defend against some attacks. At the same time, users can customize rules as needed. In terms of functionality, it is still very good, however, the rule configuration is relatively complex and requires in-depth research in practical application. References http://www.tecmint.com/protect-apache-using-mod_security-and-mod_evasive-on-rhel-centos-fedora/ http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/modsecurity.conf-recommended http://blog.secaserver.com/2011/10/install-mod_security-apache2-easiest/