Mod Security· 1 minute read
A great little addition to all Apache server installations.
Install it via:
apt-get install libapache2-mod-security
Then create a symbolic link so that the mod is enabled:
ln -s /etc/apache2/mods-available/mod-security.load mod-security.load
Setup the config for the module in /etc/apache2/httpd.conf
Mine looks like the file attached at the end of the article.
Then kick over Apache2:
You can now run the tests to see how well mod security is working for you:
./run-test.pl domain.com *
The asterisk will make it run all the tests for you. You can run particular tests individually if you like. eg. ./run-test.pl domain.com 55-cookie-1.test, 70-bug-bad-ARGS.test
(replace domain.com with the address to your server)
You will need to restart Apache2 after every change to the mod security settings for them take effect.