A great little addition to all Apache server installations.
Install it via:
apt-get install libapache2-mod-security
Then create a symbolic link so that the mod is enabled:
ln -s /etc/apache2/mods-available/mod-security.load /etc/apache2/mods-enabled/mod-security.load
Set up the config for the module in /etc/apache2/httpd.conf.
Mine looks like the file attached at the end of the article.
Then kick over Apache2:
/etc/init.d/apache2 restart
You can now run the tests to see how well mod security is working for you:
cd /usr/share/mod-security/tests
./run-test.pl domain.com *
The asterisk makes it run all the tests for you. You can also run particular tests individually if you like, e.g. ./run-test.pl domain.com 55-cookie-1.test 70-bug-bad-ARGS.test
(replace domain.com with the address to your server)
You will need to restart Apache2 after every change to the mod security settings for them to take effect.
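The symlink and restart steps above are the usual places this setup goes wrong: a link created in the wrong directory or pointing at a missing file leaves the module silently unloaded. The following pre-restart check is an added example, not part of the original article; the function names check_mod_link and safe_restart are hypothetical, and it assumes the Debian layout with mods-available and mods-enabled under /etc/apache2.

```shell
#!/bin/sh
# Added example: confirm the module's .load file is enabled through a valid
# symlink, and that the config parses, before restarting Apache.
# Assumed layout: ROOT/mods-available and ROOT/mods-enabled (Debian default).

# check_mod_link ROOT NAME
# Returns 0 if ROOT/mods-enabled/NAME.load is a symlink that resolves to a file,
# 1 if nothing is there, 2 if it is a plain file (a copy, not a link),
# 3 if the symlink does not resolve to a regular file.
check_mod_link() {
    link="$1/mods-enabled/$2.load"
    if [ ! -e "$link" ] && [ ! -L "$link" ]; then
        echo "missing: $link" >&2
        return 1
    fi
    if [ ! -L "$link" ]; then
        echo "not a symlink: $link" >&2
        return 2
    fi
    if [ ! -f "$link" ]; then
        echo "broken link: $link -> $(readlink "$link")" >&2
        return 3
    fi
    return 0
}

# safe_restart ROOT NAME
# Restarts Apache only when the link is valid and the configuration parses,
# so a typo in the mod security settings does not take the server down.
safe_restart() {
    check_mod_link "$1" "$2" || return $?
    apache2ctl configtest || return 4
    /etc/init.d/apache2 restart
}

# Only act when explicitly asked, e.g.: sh check.sh --restart
if [ "${1:-}" = "--restart" ]; then
    safe_restart /etc/apache2 mod-security
fi
```

Run it with --restart after each change to the mod security settings; a non-zero exit code identifies which check failed.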