Install ModSecurity on Apache: Difference between revisions

No edit summary
No edit summary
Line 45: Line 45:
==Source==
==Source==
*[https://www.linode.com/docs/guides/configure-modsecurity-on-apache/ linode.com]
*[https://www.linode.com/docs/guides/configure-modsecurity-on-apache/ linode.com]
[[Category:Security]]
[[Category:Server]]
[[Category:Website]]
[[Category:Web Server]]
[[Category:ModSecurity]]

Revision as of 19:18, 5 July 2022

sudo apt-get install libapache2-mod-security2

Restart Apache:

/etc/init.d/apache2 restart

Verify that the ModSecurity version is 2.8.0 or higher:

apt-cache show libapache2-mod-security2

OWASP ModSecurity Core Rule Set

The following steps are for Debian-based distributions. File paths and commands for RHEL will differ slightly.

Move and rename the default ModSecurity configuration file, keeping it in /etc/modsecurity:

mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Install git if needed:

sudo apt install git

Download the OWASP ModSecurity CRS from GitHub:

git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git

Navigate into the downloaded directory. Move and rename crs-setup.conf.example to crs-setup.conf. Then move rules/ as well.

cd owasp-modsecurity-crs
mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf
mv rules/ /etc/modsecurity/

The module configuration shown below already loads every .conf file in /etc/modsecurity through its IncludeOptional directive, so crs-setup.conf must be at the path used above. Add another Include directive pointing to the rule set:

<IfModule security2_module>
        # Default Debian dir for modsecurity's persistent data
        SecDataDir /var/cache/modsecurity

        # Include all the *.conf files in /etc/modsecurity.
        # Keeping your local configuration in that directory
        # will allow for an easy upgrade of THIS file and
        # make your life easier
        IncludeOptional /etc/modsecurity/*.conf
        Include /etc/modsecurity/rules/*.conf
</IfModule>

Restart Apache so that the changes will take effect:

/etc/init.d/apache2 restart
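
The following is an added example, not part of the original wiki page: shell functions that check the file layout the steps above should leave behind before relying on the restart. The names check_crs_layout and rule_engine_mode, the root-prefix argument and the demo tree at the end are assumptions made for this example; the paths are the ones used on this page.

```shell
#!/bin/sh
# Added example: check the file layout the steps above should leave behind.
# check_crs_layout, rule_engine_mode and the root-prefix argument are
# hypothetical helpers; the paths are the ones used on this page.

check_crs_layout() {
    root="${1:-}"                      # "" = live system, or a test prefix
    etc="$root/etc/modsecurity"
    rc=0
    # Both files must sit in /etc/modsecurity to match IncludeOptional.
    for f in modsecurity.conf crs-setup.conf; do
        [ -f "$etc/$f" ] || { echo "MISSING: $etc/$f"; rc=1; }
    done
    # Include (unlike IncludeOptional) is an error if the glob matches nothing.
    ls "$etc"/rules/*.conf >/dev/null 2>&1 ||
        { echo "MISSING: rule files in $etc/rules"; rc=1; }
    # An uncommented Include for the rules must exist in the Apache config.
    grep -rqsE '^[[:space:]]*Include[[:space:]]+/etc/modsecurity/rules/\*\.conf' \
        "$root/etc/apache2" ||
        { echo "MISSING: Include /etc/modsecurity/rules/*.conf"; rc=1; }
    return "$rc"
}

# Print the last SecRuleEngine value (On, Off or DetectionOnly), or "unset".
rule_engine_mode() {
    conf="${1:-}/etc/modsecurity/modsecurity.conf"
    [ -f "$conf" ] || { echo unset; return 0; }
    awk '$1 == "SecRuleEngine" { m = $2 } END { print (m == "" ? "unset" : m) }' "$conf"
}

# Constructed demo tree (not a real host) so the example runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/etc/modsecurity/rules" "$demo/etc/apache2/mods-available"
echo 'SecRuleEngine DetectionOnly' > "$demo/etc/modsecurity/modsecurity.conf"
: > "$demo/etc/modsecurity/crs-setup.conf"
: > "$demo/etc/modsecurity/rules/EXAMPLE-RULES.conf"
printf '%s\n' 'IncludeOptional /etc/modsecurity/*.conf' \
    'Include /etc/modsecurity/rules/*.conf' \
    > "$demo/etc/apache2/mods-available/security2.conf"
check_crs_layout "$demo" && echo "layout OK, engine: $(rule_engine_mode "$demo")"
rm -rf "$demo"
```

On a live system, call check_crs_layout with no argument. A SecRuleEngine value of DetectionOnly means rule matches are logged but requests are not blocked.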

Source