Monday, February 8, 2016

Installing mod-security on Ubuntu 10.04

ModSecurity (Open Source Web Application Firewall) is an open source project that aims to secure web applications running on web servers such as Apache, and to block penetration or hacking attempts by inspecting the body of the HTTP request.
I report some steps I followed to install it on my test web server.

Installation:

apt-get install libapache-mod-security
cp -R /usr/share/doc/mod-security-common/examples/rules /etc/apache2/
nano /etc/apache2/conf.d/security

# Append these lines:
<IfModule mod_security2.c>
    Include /etc/apache2/rules/*.conf
    Include /etc/apache2/rules/base_rules/*.conf
</IfModule>
mkdir /etc/apache2/logs/
a2enmod mod-security
/etc/init.d/apache2 restart

Try it:

# disable mod-security, just for test
a2dismod mod-security && /etc/init.d/apache2 restart
echo "<? echo file_get_contents(\$_REQUEST['f']);" > /var/www/test.php
wget -qO- "http://localhost/test.php?f=/etc/passwd"
 root:x:0:0:root:/root:/bin/bash
 daemon:x:1:1:daemon:/usr/sbin:/bin/sh

# that's bad! Re-enable mod-security
a2enmod mod-security && /etc/init.d/apache2 restart
wget "http://localhost/test.php?f=/etc/passwd"
 HTTP request sent, awaiting response... 403 Forbidden

# finally, remove the test file
rm /var/www/test.php
Done!
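
A 403 alone does not show which component refused the request, so it is worth confirming in the Apache error log that ModSecurity issued the denial and which rule matched. The script below is an added example, not part of the original post; the default log path /var/log/apache2/error.log is an assumption, and the sample log lines, rule id and message are constructed placeholders.

```shell
#!/bin/sh
# Added example: attribute a 403 to ModSecurity by reading the Apache error log.
# Assumption: Ubuntu's default log path; pass another file as the first argument.

# Print "status<TAB>rule-id<TAB>uri<TAB>msg" for each ModSecurity denial.
modsec_denials() {
    log="${1:-/var/log/apache2/error.log}"
    grep 'ModSecurity: Access denied with code' "$log" | while IFS= read -r line; do
        code=$(printf '%s\n' "$line" | sed -n 's/.*Access denied with code \([0-9][0-9]*\).*/\1/p')
        id=$(printf '%s\n' "$line" | sed -n 's/.*\[id "\([^"]*\)"\].*/\1/p')
        uri=$(printf '%s\n' "$line" | sed -n 's/.*\[uri "\([^"]*\)"\].*/\1/p')
        msg=$(printf '%s\n' "$line" | sed -n 's/.*\[msg "\([^"]*\)"\].*/\1/p')
        printf '%s\t%s\t%s\t%s\n' "$code" "${id:--}" "${uri:--}" "${msg:--}"
    done
}

# Exit 0 only if ModSecurity logged a denial for URI $1 in log file $2.
was_blocked_by_modsec() {
    modsec_denials "$2" | awk -F'\t' -v u="$1" '$3 == u { found = 1 } END { exit !found }'
}

# Constructed sample log (rule id, message and unique_id are placeholders).
# The second line is a 403 produced by Apache access control, not by ModSecurity.
write_sample_log() {
    cat > "$1" <<'EOF'
[Mon Feb 08 10:15:01 2016] [error] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "EXAMPLE" at ARGS:f. [file "/etc/apache2/rules/base_rules/example.conf"] [line "1"] [id "000001"] [msg "Constructed sample message"] [hostname "localhost"] [uri "/test.php"] [unique_id "CONSTRUCTED-ID-0001"]
[Mon Feb 08 10:15:07 2016] [error] [client 127.0.0.1] client denied by server configuration: /var/www/private
[Mon Feb 08 10:15:09 2016] [notice] caught SIGTERM, shutting down
EOF
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_log "$sample"
modsec_denials "$sample"
was_blocked_by_modsec /test.php "$sample" && echo "/test.php: denied by ModSecurity"
was_blocked_by_modsec /private "$sample" || echo "/private: no ModSecurity denial logged"
rm -f "$sample"
```

Run it against the real error log right after the wget test, before removing test.php, to see the rule that matched.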
