Author Topic: How to install Mod_Security to secure Apache  (Read 10863 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
How to install Mod_Security to secure Apache
« on: February 01, 2014, 01:55:03 AM »
This tutorial is only for the CWP version 0.1 to 0.7, in the newer version you can install it with one click from the panel
=======================================================================

ModSecurity operates embedded into the web server (httpd/apache), acting as a powerful IPS - shielding web applications from attacks

If you have CWP installed than you can install Mod Security and rules with one click from Security menu in CWP.

Install Mod_Security
Code: [Select]
yum install mod_security git
cd /etc/httpd/
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
mv owasp-modsecurity-crs modsecurity-crs
cd modsecurity-crs
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Now add config to end of file: /etc/httpd/conf/httpd.conf
Code: [Select]
<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_config.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>


That is it, do not forget to restart server
Code: [Select]
service httpd restart
Check logs if mod_security works
Code: [Select]
/var/log/httpd/error_log

mod_security configuration files

    /etc/httpd/conf.d/mod_security.conf - main configuration file for the mod_security Apache module.
    /etc/httpd/modsecurity-crs/ - all other configuration files for the mod_security Apache.
    /etc/httpd/modsecurity-crs/modsecurity_crs_10_config.conf - Configuration contained in this file should be customized for your specific requirements before deployment.
    /var/log/httpd/modsec_debug.log - Use debug messages for debugging mod_security rules and other problems.
    /var/log/httpd/modsec_audit.log - All requests that trigger a ModSecurity events (as detected) or a server error are logged ("RelevantOnly") are logged into this file.

*Any change made requires Apache restart
Code: [Select]
service httpd restart
« Last Edit: October 31, 2014, 05:49:21 PM by Administrator »
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: How to install Mod_Security to secure Apache
« Reply #1 on: October 28, 2014, 06:04:28 AM »
After installing Mod_security, the site is not opening and getting error saying that "Forbidden 403 permission denied". If I disable Mod_security, the site is working. I am running Prestashop e-commerce site in my domain. I want mod_security enabled in my vps. Please tell me how to fix this?

Thanks

Offline
*
Re: How to install Mod_Security to secure Apache
« Reply #2 on: October 29, 2014, 02:58:52 AM »
in the mod security module you can white-list the rules which is causing the issues for you, you have also there latest logs so you can check the logs.
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: How to install Mod_Security to secure Apache
« Reply #3 on: October 31, 2014, 05:05:56 PM »
I am tired of finding each rules and disabling and testing. It keeps giving the same result with different rule id and continuous. I don't think it is a feasible solution to turn of the rules. I had my site with Zpanel earlier and i did not get any error like this and it was working fine. I am facing the problem after i installed centos-webpanel. There is no use of installing mod_security if we turn off the rules. Any suggestion or solution please?

SecRuleRemoveById 950901
SecRuleRemoveById 958030
SecRuleRemoveById 960015
SecRuleRemoveById 960017
SecRuleRemoveById 960020
SecRuleRemoveById 960024
SecRuleRemoveById 970901
SecRuleRemoveById 973300
SecRuleRemoveById 973338
SecRuleRemoveById 981172
SecRuleRemoveById 981173
SecRuleRemoveById 981243
SecRuleRemoveById 981245
SecRuleRemoveById 981257
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById 990012

Offline
*
Re: How to install Mod_Security to secure Apache
« Reply #4 on: October 31, 2014, 05:45:52 PM »
this is not mod security like with the other control panels with all defaults and extremely low protection.

CWP is using OWASP rules which provide the much higher protection level so you can disable the rules which are blocking your site functionality.

more info about mode security rules can be found here.
https://www.owasp.org
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: How to install Mod_Security to secure Apache
« Reply #5 on: December 24, 2014, 05:27:22 AM »
Installed Mod_Security and when I go to restart Apache Server this is what I get:

Stopping httpd: [FAILED]
Starting httpd: httpd: Syntax error on line 419 of /usr/local/apache/conf/httpd.conf: Syntax error on line 1 of /usr/local/apache/conf.d/mod_security.conf: Cannot load /usr/lib64/libxml2.so into server: /usr/lib64/libxml2.so: cannot open shared object file: No such file or directory
[FAILED]

Offline
*
Re: How to install Mod_Security to secure Apache
« Reply #6 on: December 25, 2014, 04:58:37 PM »
do you have centos 6 32 or 64bit ?
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: How to install Mod_Security to secure Apache
« Reply #7 on: December 31, 2014, 10:23:08 PM »
Centos 6 32 bit.

Offline
*
Re: How to install Mod_Security to secure Apache
« Reply #8 on: January 01, 2015, 04:28:36 PM »
then you can't have /usr/lib64/libxml2.so try searching for libxml2.so in /usr/lib folder.
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: How to install Mod_Security to secure Apache
« Reply #9 on: January 30, 2015, 02:37:39 PM »
If OWASP rules are giving you issues because of their strictness, it might be an idea to look at the mod_security rules offered by Comodo - they call them the WAF - if you google that you'll get more information.

As we've used the rules on a different control panel, I can say there aren't any issues with the major CMS systems being used - and if you do find a block, simply disable that rule.

Hope that helps!

Offline
*
Re: How to install Mod_Security to secure Apache
« Reply #10 on: February 04, 2015, 01:29:30 AM »
were are testing the rules for a new version so it should come with some disabled rules which are preventing website functionality.
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services