Secure Apache 2.x Web Server With ModSecurity

How to Secure Your Apache 2.x Web Server With Mod Security in Unix/Linux
 ModSecurity is an open source web application firewall. Working embedded in the web server, or standalone as a network appliance, This WAF can help you to detect and prevents attacks against web applications.

  • Cross-Site Scripting (XSS)
  • Backdoors Detection
  • Trojans
  • ASP/PHP Injection
  • SQL & Command Injection, etc.
In this guide we will help you install the mod_security module on a web server running Ubuntu/Debian. For Debian, you have to login as root. ModSecurity works only with Apache 2 and  higher.
Installation

1. To install ModSecurity on Ubuntu, open the terminal (Ctrl+Alt+T) and run this command:
sudo apt-get install libapache2-modsecurity

2. Create now directory for ModSecurity in the Apache2 folder:
sudo mkdir /etc/apache2/modsecurity

3. Create now the configuration file for ModSecurity, which will be loaded by Apache, using this command:
sudo gedit /etc/apache2/conf.d/modsecurity.conf
Add the following code, save and exit.
## /etc/init.d/apache2/conf.d/modsecurity.conf
Include modsecurity/*.conf

4. ModSecurity rules using these two commands:
cd /etc/apache2/modsecurity
sudo cp -R /usr/share/modsecurity-crs/base_rules/* .

5. Modified and correct the line  in the modsecurity_crs_20_protocol_violations.conf file.
sudo gedit /etc/apache2/modsecurity/
modsecurity_crs_20_protocol_violations.conf
We need to replace this line:
SecRule REQBODY_ERROR "!@eq 0"

with this one:

SecRule REQBODY_PROCESSOR_ERROR "!@eq 0"
Save and exit.

6. Restart now the Apche web server.
sudo /etc/init.d/apache2 restart

7. To verify if the ModSecurity module is loaded in Apache.
cat /var/log/apache2/error.log | grep modsecurity

The output must be like this:
ModSecurity for Apache/2.6.0 (URL) configured.

Visit Official Link: ModSecurity

Source