Window - How to Install ModSecurity for Apache¶
Make sure you have the
mod_unique_id module installed. The module is packaged with WAMP Package for Windows.
Now the module is enabled and you can keep going.
2. Grap the source!¶
For windows go here: http://www.apachelounge.com/download/ and take the right version compatible for Apache installed on the server
Mostly we are using
wampserver 64bit build with
VC11 for windows servers
so the right version can be found inside this package:
- Copy the files!
You need to copy
yajl.dll inside the Apache
You will find
mod_security already inside
If the folder exists just skip this step otherwise keep going.
Create a folder named
mod_security2 inside the
modules folder of Apache
and put inside the folder the file
3. Enable the module!¶
Enable the module adding this directive to the
#Add the following rule to load the security module. LoadModule security2_module modules/mod_security2/mod_security2.so
Inside the modsecurity folder there is a file named
rename it as
modsecurity.conf and put it inside the conf folder of Apache installation folder.
ex. here ->
Apache need to load this configuration file so add the following directive inside httpd.conf:
4. CRS Configuration¶
Get the archive with all the rules from here: https://github.com/SpiderLabs/owasp-modsecurity-crs/releases
For this tutorial I will use the version 2.2.9 taken from here: https://github.com/SpiderLabs/owasp-modsecurity-crs/releases/tag/2.2.9
Create a folder
and copy inside this folder all the rules that you find here:
Rename the file
and copy the file inside the folder
Create a file
modsecurity_crs_99_whitelist.conf inside the
if it doesn’t exists already, and add the following whitelist directives at the end of the file:
Whitelisted rules -> http://18.104.22.168/repo/STND_PMIS_util/mod-security/pmis_rules.conf
Apache need to load this conf files so we need to add some directives inside
IncludeOptional conf/extra/modsecurity_crs_10_setup.conf IncludeOptional modules/mod_security2/activated_rules/*.conf
At the end of httpd.conf file you should have the following directives:
... # mod security # [IMPORTANT] Put this directive before the Include directives! LoadModule security2_module modules/mod_security2.so # Put all the Include after the LAST LoadModule directive! Include conf/extra/modsecurity.conf IncludeOptional conf/extra/modsecurity_crs_10_setup.conf IncludeOptional extra-modules/mod_security-2.8.0/activated_rules/*.conf
Put all the ``Include`` directives after the LAST ``LoadModule`` directive!
5. Turn it ON!¶
ModSecurity by default is
DetectionOnly in order to stop bad things happening
we need to change the
SecRuleEngine directive and turn it
Modify the file
modsecurity.conf and change the following directive:
#SecRuleEngine DetectionOnly SecRuleEngine On
Restart the apache server and we have done!
6. Read the log!¶
ModSecurity will write his log into the file defined from the following directive:
Check it and see if it block bad things!
- Reference Manual