In this article, we explain the steps needed to install and configure ModSecurity for Apache on Ubuntu 20.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.
ModSecurity is the most well-known open-source web application firewall (WAF), providing comprehensive protection for your web applications (like WordPress, Owncloud, Ghost, etc.) against a wide range of Layer 7 (HTTP) attacks, such as SQL injection, cross-site scripting, and local file inclusion. ModSecurity is a toolkit for real-time web application monitoring, logging, and access control.
Install ModSecurity Apache on Ubuntu 20.04
Step 1. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.
sudo apt update
sudo apt upgrade
Step 2. Install ModSecurity on the Ubuntu system.
Run the command to install it on Ubuntu:
sudo apt install libapache2-mod-security2
Restart Apache for the change to take effect:
sudo systemctl restart apache2
Verify the version of ModSecurity:
apt-cache show libapache2-mod-security2
Step 3. Configure ModSecurity.
Now move and change the name of the default ModSecurity file:
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Next, download the OWASP ModSecurity CRS from GitHub:
cd ~
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
After that, move and rename crs-setup.conf.example to crs-setup.conf. Then move the rules/ directory as well:
cd ~/owasp-modsecurity-crs
sudo mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf
sudo mv rules/ /etc/modsecurity/
Next, open this configuration file:
sudo nano /etc/apache2/mods-available/security2.conf
Add another Include directive pointing to the ruleset:
<IfModule security2_module>
    # Default Debian dir for modsecurity's persistent data
    SecDataDir /var/cache/modsecurity

    # Include all the *.conf files in /etc/modsecurity.
    # Keeping your local configuration in that directory
    # will allow for an easy upgrade of THIS file and
    # make your life easier
    IncludeOptional /etc/modsecurity/*.conf
    Include /etc/modsecurity/rules/*.conf
</IfModule>
Restart Apache for changes to take effect:
sudo systemctl restart apache2
Step 4. Test ModSecurity.
Open the default Apache configuration and add two additional directives, using the default configuration as an example:
sudo nano /etc/apache2/sites-available/000-default.conf
Add the SecRuleEngine and SecRule directives as shown below:
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SecRuleEngine On
    SecRule ARGS:modsecparam "@contains test" "id:4567,deny,status:403,msg:'ModSecurity test rule'"
</VirtualHost>
Restart Apache for the changes to take effect:
sudo systemctl restart apache2
Next, curl the index page to intentionally trigger the test rule:
curl "localhost/index.html?modsecparam=test"
The response code should be 403, and the Apache error log should contain a message showing that the defined ModSecurity rule matched:
sudo tail -f /var/log/apache2/error.log
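To confirm from the log that the test rule actually blocked the request rather than only logging it (ModSecurity writes "Warning." instead of "Access denied" when the engine runs in DetectionOnly mode), the following added example, which is not part of the original article, summarises ModSecurity entries. The function names are hypothetical and the sample log lines are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Function names are hypothetical.

# Summarise ModSecurity v2 entries read from stdin (Apache error log format).
# Output per entry: "<action> id=<id> uri=<uri> msg=<msg>", where action is
# "blocked" (Access denied) or "logged-only" (Warning., e.g. DetectionOnly).
modsec_summary() {
  awk '
    # Return the value of a [name "value"] field, or "-" if it is absent.
    function field(name,   re, s) {
      re = "\\[" name " \"[^\"]*\"\\]"
      if (!match($0, re)) return "-"
      s = substr($0, RSTART, RLENGTH)
      sub("^\\[" name " \"", "", s)
      sub("\"\\]$", "", s)
      return s
    }
    /ModSecurity: / {
      action = "other"
      if ($0 ~ /ModSecurity: Access denied/) action = "blocked"
      else if ($0 ~ /ModSecurity: Warning\./) action = "logged-only"
      printf "%s id=%s uri=%s msg=%s\n", action, field("id"), field("uri"), field("msg")
    }'
}

# Succeed only if rule <id> actually blocked a request in the log on stdin.
rule_blocked() {
  modsec_summary | grep -q "^blocked id=$1 "
}

# Constructed sample log lines (not captured from a real server).
sample_log() {
  cat <<'EOF'
[Mon Jun 01 10:00:00.000000 2020] [:error] [pid 1001] [client 127.0.0.1:40000] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). String match "test" at ARGS:modsecparam. [file "/etc/apache2/sites-enabled/000-default.conf"] [line "8"] [id "4567"] [msg "ModSecurity test rule"] [hostname "localhost"] [uri "/index.html"] [unique_id "CONSTRUCTED-1"]
[Mon Jun 01 10:00:05.000000 2020] [:error] [pid 1001] [client 127.0.0.1:40002] [client 127.0.0.1] ModSecurity: Warning. String match "test" at ARGS:modsecparam. [file "/etc/apache2/sites-enabled/000-default.conf"] [line "8"] [id "4567"] [msg "ModSecurity test rule"] [hostname "localhost"] [uri "/index.html"] [unique_id "CONSTRUCTED-2"]
[Mon Jun 01 10:00:09.000000 2020] [mpm_event:notice] [pid 1000] AH00489: Apache/2.4.41 (Ubuntu) configured -- resuming normal operations
EOF
}

sample_log | modsec_summary
sample_log | rule_blocked 4567 && echo "rule 4567 is blocking"
```

On a live server, pipe /var/log/apache2/error.log into modsec_summary in place of the sample lines.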
That’s all you need to do to install ModSecurity on Ubuntu 20.04 LTS Focal Fossa. I hope you find this quick tip helpful. For further reading on ModSecurity Apache, please refer to their official knowledge base. If you have questions or suggestions, feel free to leave a comment below.