Ubuntu 18.04 Apache ModSecurity Setup

ModSecurity, also known as ModSec, is an open-source firewall application. A firewall filters traffic and keeps unauthorized access away from your server. ModSec adds further capabilities for HyperText Transfer Protocol (HTTP) traffic. It is free to use and provides filtering, logging and monitoring of requests to the Apache server.

It helps you defend against many vulnerabilities when used with a rule set such as the OWASP ModSecurity Core Rule Set.

Step 1: Check whether Apache is installed on Ubuntu. If it is not, first update the package index by executing the command below:

Code:
$ sudo apt-get update
Then install Apache by executing the command below:

Code:
$ sudo apt-get install apache2
Press the “Y” key and then “Enter” when prompted.

If Apache is already installed, you will get the message:

Code:
apache2 is already the newest version
Now, you can install ModSecurity by running the command:

Code:
$ sudo apt-get install libapache2-mod-security2
Now restart Apache by executing the command below:

Code:
$ sudo service apache2 restart
Run the command below to check whether the module is enabled:

Code:
$ sudo apachectl -M | grep security
Here is the output:

Code:
security2_module (shared)
ModSecurity Configuration:

The ModSecurity engine runs on a set of rules. These rules decide how communication with the web server is handled. Depending on the configuration, a rule can take actions such as executing a script, redirecting the request or passing it. The default configuration file is /etc/modsecurity/modsecurity.conf-recommended. Copy it to /etc/modsecurity/modsecurity.conf to enable and configure ModSecurity.

Code:
$ sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Use the nano editor to edit the copied file:

Code:
$ sudo nano /etc/modsecurity/modsecurity.conf
Change the value of SecRuleEngine from DetectionOnly to On. In DetectionOnly mode ModSecurity logs matching requests but does not block them.

Code:
SecRuleEngine On
Press CTRL + X, then “Y”, then Enter to save and exit.

Restart Apache for the change to take effect:

Code:
$ sudo systemctl restart apache2
The default rule set is located in the directory /usr/share/modsecurity-crs.

Rename the directory of default rules:


Code:
$ sudo mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bk
Use Git to download the new rule set from GitHub:

Code:
$ sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
Use the command below to copy the sample configuration file:

Code:
$ sudo cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
To load the rules, edit the file /etc/apache2/mods-enabled/security2.conf using the nano editor:

Code:
$ sudo nano /etc/apache2/mods-enabled/security2.conf
Add the lines below at the end of the existing statements:

Code:
IncludeOptional /usr/share/modsecurity-crs/*.conf
IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf"
Press CTRL + X, then “Y”, then “Enter” to save the file.

Restart Apache again by executing the command:

Code:
$ sudo systemctl restart apache2
ModSecurity Test:

Check that the ModSecurity rules trigger by sending a suspicious request from the browser:

http://127.0.0.1/index.html?exec=/bin/bash

You should now get a Forbidden error message, which shows that ModSecurity is protecting the Apache web server.
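
If the test request is not blocked, the usual causes are an engine still in DetectionOnly or an IncludeOptional path that matches no file, which Apache skips without an error. The script below is an added example, not part of the original tutorial, that checks the two edited files for both problems; the function names are hypothetical, the sample files are constructed, and it assumes the last uncommented SecRuleEngine line is the effective one and that paths contain no spaces.

```sh
# Added example, not from the original tutorial. Function names are
# hypothetical; the sample files built by modsec_fixture are constructed.

# Print the SecRuleEngine value in file $1, lowercased. Commented lines are
# skipped; the last remaining directive is assumed to be the effective one.
modsec_engine_mode() {
    awk 'tolower($1) == "secruleengine" { m = tolower($2) } END { print m }' "$1"
}

# Succeed if glob pattern $1 matches an existing file (no spaces in paths).
glob_matches() {
    for f in $1; do            # unquoted on purpose so the shell expands it
        [ -e "$f" ] && return 0
    done
    return 1
}

# Print each IncludeOptional pattern in file $1 that matches no file.
# Apache ignores such patterns silently and starts without those rules.
modsec_empty_includes() {
    awk 'tolower($1) == "includeoptional" { gsub(/"/, "", $2); print $2 }' "$1" |
    while IFS= read -r pattern; do
        glob_matches "$pattern" || printf '%s\n' "$pattern"
    done
}

# Return 0 only if the engine is On and every include pattern matches a file.
modsec_check() {
    rc=0
    mode=$(modsec_engine_mode "$1")
    missing=$(modsec_empty_includes "$2")
    [ "$mode" = "on" ] || { echo "SecRuleEngine is '${mode:-unset}', not On"; rc=1; }
    [ -z "$missing" ] || { echo "IncludeOptional matches no file: $missing"; rc=1; }
    return $rc
}

# Build constructed sample files and print their directory: the engine is
# left in DetectionOnly and the second include path is mistyped ("rule").
modsec_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/crs/rules"
    : > "$d/crs/crs-setup.conf"; : > "$d/crs/rules/sample.conf"
    printf '#SecRuleEngine On\nSecRuleEngine DetectionOnly\n' > "$d/modsecurity.conf"
    printf 'IncludeOptional %s/crs/*.conf\nIncludeOptional "%s/crs/rule/*.conf"\n' "$d" "$d" > "$d/security2.conf"
    echo "$d"
}

dir=$(modsec_fixture)
modsec_check "$dir/modsecurity.conf" "$dir/security2.conf" || echo "fix the above"
rm -rf "$dir"
```

On the server itself, call modsec_check /etc/modsecurity/modsecurity.conf /etc/apache2/mods-enabled/security2.conf after the final Apache restart.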
Author
kumkumsharma