Mod Security

November 12, 2005

A great little addition to all Apache server installations. Install it via: apt-get install libapache2-mod-security Then create a symbolic link so that the mod is enabled: ln -s /etc/apache2/mods-available/mod-security.load mod-security.load Setup the config for the module in /etc/apache2/httpd.conf Mine looks like the file attached at the end of the article. Then kick over Apache2: /etc/init.d/apache2 restart You can now run the tests to see how well mod security is working for you:

A great little addition to all Apache server installations.

Install it via:

apt-get install libapache2-mod-security

Then create a symbolic link so that the mod is enabled:

ln -s /etc/apache2/mods-available/mod-security.load mod-security.load

Setup the config for the module in /etc/apache2/httpd.conf

Mine looks like the file attached at the end of the article.

Then kick over Apache2:

/etc/init.d/apache2 restart

You can now run the tests to see how well mod security is working for you:

cd /usr/share/mod-security/tests

./run-test.pl domain.com *

The asterisk will make it run all the tests for you. You can run particular tests individually if you like. eg. ./run-test.pl domain.com 55-cookie-1.test, 70-bug-bad-ARGS.test

(replace domain.com with the address to your server)

You will need to restart Apache2 after every change to the mod security settings for them take effect.

httpd (TXT file)