How to Setup ModSecurity for Apache on Ubuntu 18.04

ModSecurity, also known as Modsec, is a robust open-source firewall application for the Apache web server. A firewall is a utility that protects a network or a software application from abuse and unauthorized access by filtering requests.

Modsec adds security features for HTTP (Hypertext Transfer Protocol) traffic. Since it is free to use, it has been widely adopted for monitoring, logging and filtering requests on Apache web servers.

The utility has been a success in fighting common vulnerabilities using the OWASP ModSecurity Core Rule Set.

In this guide, we will take you through the steps of setting up and securing your Apache web server with ModSecurity on an Ubuntu 18.04 VPS.

Prerequisite

  • A VPS plan running Ubuntu 18.04 server
  • A non-root user that can perform sudo tasks

Step 1: Installing Apache Web server

You need to install Apache if it is not already installed on your Ubuntu 18.04 server. First, update the Ubuntu package index:

$ sudo apt-get update

Then, install Apache:

$ sudo apt-get install apache2

Press Y and hit Enter when prompted to confirm the installation.

If Apache is already installed, you will see the message below instead:

apache2 is already the newest version

Step 2: Installing ModSecurity

Once you have installed Apache, the next step is installing ModSecurity. Run the command below:

$ sudo apt-get install libapache2-mod-security2

Restart Apache

$ sudo service apache2 restart

You can check if the module is enabled by running the command below:

$ sudo apachectl -M | grep security

You should get the below output:

security2_module (shared)

Step 3: Configuring ModSecurity

The ModSecurity engine needs rules to work. The rules decide how communication is handled on the web server. Depending on the configuration, ModSecurity can pass, drop, redirect, execute a script or even display a status code during a session.

There is a default configuration file /etc/modsecurity/modsecurity.conf-recommended which you should copy to /etc/modsecurity/modsecurity.conf to enable and configure ModSecurity. To do this, run the command below:

$ sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Then, edit the file that you have copied using the nano editor:

$ sudo nano /etc/modsecurity/modsecurity.conf

Change the value of SecRuleEngine from DetectionOnly to On, so that the line reads:

SecRuleEngine On

Press CTRL + X, then Y and Enter to save the file.

Restart Apache for the changes to take effect.

$ sudo systemctl restart apache2

ModSecurity has a default rule set located in the /usr/share/modsecurity-crs directory. However, it is always recommended to download the rule set from GitHub.

Before you do this, rename the default rules directory:

$ sudo mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bk

Then, download the new rule set from GitHub using the command below:

$ sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs

Copy the sample configuration file from the downloaded rules using the command below:

$ sudo cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf

To get these rules working on Apache, you should edit the /etc/apache2/mods-enabled/security2.conf file using the nano editor:

$ sudo nano /etc/apache2/mods-enabled/security2.conf

Add the following two lines at the end:

IncludeOptional /usr/share/modsecurity-crs/*.conf
IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf"

Save the file by pressing CTRL + X, Y and Enter.

Restart Apache:

$ sudo systemctl restart apache2
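
One way to verify the two Step 3 edits offline, as an added example that is not part of the original guide. The function names (rule_engine_mode, has_include, check_step3) and the sample files are constructed for illustration; the check treats the last uncommented SecRuleEngine line in the file as the one that counts.

```shell
#!/usr/bin/env bash
# Added example: offline checks for the two edits made in Step 3.

# Print the value of the last uncommented SecRuleEngine line in a file,
# or "unset" if the file has none.
rule_engine_mode() {
    awk '
        $1 ~ /^#/ { next }                               # skip comment lines
        tolower($1) == "secruleengine" { mode = $2 }     # later lines override
        END { print (mode == "" ? "unset" : mode) }
    ' "$1"
}

# Succeed if file $1 has an uncommented IncludeOptional for path $2 whose
# double quotes are either absent or paired.
has_include() {
    awk -v want="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == "includeoptional" {
            arg = $2
            n = gsub(/"/, "", arg)                       # strip and count quotes
            if (arg == want && (n == 0 || n == 2)) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Check both files; print each problem and return non-zero if any is found.
check_step3() {   # $1 = modsecurity.conf, $2 = security2.conf
    local rc=0 p
    [ "$(rule_engine_mode "$1" | tr '[:upper:]' '[:lower:]')" = "on" ] ||
        { echo "SecRuleEngine is not On in $1"; rc=1; }
    for p in '/usr/share/modsecurity-crs/*.conf' \
             '/usr/share/modsecurity-crs/rules/*.conf'; do
        has_include "$2" "$p" || { echo "missing or malformed include: $p"; rc=1; }
    done
    return "$rc"
}

# Constructed sample files (not taken from a real server).
sample=$(mktemp -d)
printf '%s\n' '# SecRuleEngine On' 'SecRuleEngine DetectionOnly' > "$sample/before.conf"
printf '%s\n' '# SecRuleEngine DetectionOnly' 'SecRuleEngine On' > "$sample/after.conf"
printf '%s\n' 'IncludeOptional /usr/share/modsecurity-crs/*.conf' \
    'IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf' > "$sample/bad.conf"
printf '%s\n' 'IncludeOptional /usr/share/modsecurity-crs/*.conf' \
    'IncludeOptional /usr/share/modsecurity-crs/rules/*.conf' > "$sample/good.conf"

check_step3 "$sample/after.conf" "$sample/good.conf" && echo "Step 3 edits look correct"
```

On the server, call check_step3 with /etc/modsecurity/modsecurity.conf and /etc/apache2/mods-enabled/security2.conf, then run sudo apachectl configtest so that Apache itself parses the configuration before you restart it.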

Step 4: Testing ModSecurity

You can now send a request that looks malicious from a browser and see whether the ModSecurity rules are triggered. Enter the URL below in a browser. Remember to replace the IP address with the public IP address or domain name of your server:

http://127.0.0.1/index.html?exec=/bin/bash

You should get a forbidden error message:

Forbidden

You don’t have permission to access / on this server.

Apache/2.4.29 (Ubuntu) Server at 127.0.0.1 Port 80

Conclusion

That’s it. Your Apache web server is now protected by ModSecurity. Note that ModSecurity protects against many known attacks, including SQL injection. The module is a great addition to your arsenal when it comes to hardening your web server against hackers.
