Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security and Mod_evasive Modules
Step 3: Installing A Core Rule Set and Configuring Mod_Security
In few words, a Core Rule Set (aka CRS) provides the web server with instructions on how to behave under certain conditions. The developer firm of mod_security provide a free CRS called OWASP (Open Web Application Security Project) ModSecurity CRS that can be downloaded and installed as follows.
1. Download the OWASP CRS to a directory created for that purpose.
# mkdir /etc/httpd/crs-tecmint # cd /etc/httpd/crs-tecmint # wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
2. Untar the CRS file and change the name of the directory for one of our convenience.
# tar xzf master # mv SpiderLabs-owasp-modsecurity-crs-ebe8790 owasp-modsecurity-crs
3. Now it’s time to configure mod_security. Copy the sample file with rules (owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example) into another file without the .example extension:
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
and tell Apache to use this file along with the module by inserting the following lines in the web server’s main configuration file /etc/httpd/conf/httpd.conf file. If you chose to unpack the tarball in another directory you will need to edit the paths following the Include directives:
<IfModule security2_module> Include crs-tecmint/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf Include crs-tecmint/owasp-modsecurity-crs/base_rules/*.conf </IfModule>
Finally, it is recommended that we create our own configuration file within the /etc/httpd/modsecurity.d directory where we will place our customized directives (we will name it tecmint.conf in the following example) instead of modifying the CRS files directly. Doing so will allow for easier upgrading the CRSs as new versions are released.
<IfModule mod_security2.c> SecRuleEngine On SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream SecDataDir /tmp </IfModule>
You can refer to the SpiderLabs’ ModSecurity GitHub repository for a complete explanatory guide of mod_security configuration directives.