How to install Mod_Security to secure Apache

This tutorial is only for the CWP version 0.1 to 0.7, in the newer version you can install it with one click from the panel
=======================================================================

ModSecurity operates embedded into the web server (httpd/apache), acting as a powerful IPS - shielding web applications from attacks

If you have CWP installed than you can install Mod Security and rules with one click from Security menu in CWP.

Install Mod_Security

Code: [Select]

yum install mod_security git
cd /etc/httpd/
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
mv owasp-modsecurity-crs modsecurity-crs
cd modsecurity-crs
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Now add config to end of file: /etc/httpd/conf/httpd.conf

Code: [Select]

<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_config.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>

That is it, do not forget to restart server

Code: [Select]

service httpd restart
Check logs if mod_security works

Code: [Select]

/var/log/httpd/error_log

mod_security configuration files

    /etc/httpd/conf.d/mod_security.conf - main configuration file for the mod_security Apache module.
    /etc/httpd/modsecurity-crs/ - all other configuration files for the mod_security Apache.
    /etc/httpd/modsecurity-crs/modsecurity_crs_10_config.conf - Configuration contained in this file should be customized for your specific requirements before deployment.
    /var/log/httpd/modsec_debug.log - Use debug messages for debugging mod_security rules and other problems.
    /var/log/httpd/modsec_audit.log - All requests that trigger a ModSecurity events (as detected) or a server error are logged ("RelevantOnly") are logged into this file.

*Any change made requires Apache restart

Code: [Select]

service httpd restart

After installing Mod_security, the site is not opening and getting error saying that "Forbidden 403 permission denied". If I disable Mod_security, the site is working. I am running Prestashop e-commerce site in my domain. I want mod_security enabled in my vps. Please tell me how to fix this?

Thanks

in the mod security module you can white-list the rules which is causing the issues for you, you have also there latest logs so you can check the logs.

I am tired of finding each rules and disabling and testing. It keeps giving the same result with different rule id and continuous. I don't think it is a feasible solution to turn of the rules. I had my site with Zpanel earlier and i did not get any error like this and it was working fine. I am facing the problem after i installed centos-webpanel. There is no use of installing mod_security if we turn off the rules. Any suggestion or solution please?

SecRuleRemoveById 950901
SecRuleRemoveById 958030
SecRuleRemoveById 960015
SecRuleRemoveById 960017
SecRuleRemoveById 960020
SecRuleRemoveById 960024
SecRuleRemoveById 970901
SecRuleRemoveById 973300
SecRuleRemoveById 973338
SecRuleRemoveById 981172
SecRuleRemoveById 981173
SecRuleRemoveById 981243
SecRuleRemoveById 981245
SecRuleRemoveById 981257
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById 990012

this is not mod security like with the other control panels with all defaults and extremely low protection.

CWP is using OWASP rules which provide the much higher protection level so you can disable the rules which are blocking your site functionality.

more info about mode security rules can be found here.
https://www.owasp.org

Installed Mod_Security and when I go to restart Apache Server this is what I get:

Stopping httpd: [FAILED]
Starting httpd: httpd: Syntax error on line 419 of /usr/local/apache/conf/httpd.conf: Syntax error on line 1 of /usr/local/apache/conf.d/mod_security.conf: Cannot load /usr/lib64/libxml2.so into server: /usr/lib64/libxml2.so: cannot open shared object file: No such file or directory
[FAILED]

do you have centos 6 32 or 64bit ?

Centos 6 32 bit.

then you can't have /usr/lib64/libxml2.so try searching for libxml2.so in /usr/lib folder.

If OWASP rules are giving you issues because of their strictness, it might be an idea to look at the mod_security rules offered by Comodo - they call them the WAF - if you google that you'll get more information.

As we've used the rules on a different control panel, I can say there aren't any issues with the major CMS systems being used - and if you do find a block, simply disable that rule.

Hope that helps!

were are testing the rules for a new version so it should come with some disabled rules which are preventing website functionality.