Wednesday, 1 January 2014

How to Install & Configure mod_security With OWASP on Apache Server

Hello... Friends, Today we are going to discus about the mod_security in the web application. mod_security is basically an open source web application firewall (WAF) and intrusion detection and prevention system for web applications.This web app. mod_security is basically used to protect and monitor real time HTTP traffic and web application from brute force attacks and it also work as IDS?IPS ( Intrusion Detection and Prevention System ) Here we are going to configure this mod security with OWASP.

mod_security is not only installed in Linux it also works on windows based server too. But we here going to work on Linux based server.

Let's Start ...

Step 1 : before going to install mod security we need to install some dependency package install them before it
# yum install gcc make



# yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel



Step 2 : now we need to download the tarball of Mod Security package. Download the package from the official site of mod security we can also use yum package too here i am going with tarball method as shown in the images but by using yum server we can install it too as..

 # yum install mod_security 

here Download the tarball in usr/scr directory
as # wget http://www.modsecurity.org/tarball/2.7.4/modsecurity-apache_2.7.4.tar.gz



Step 3: now untar the package as tar xzf package name here my package is modsecurity-apache_2.7.4.tar.gz
now we can see the directory will create in the usr/src directory go to the directory and follows the next interactions ....


 Step 4: now we need to install  the mod security as given command
# ./configure
# make install
it will take a little time please wait for done


Step 5 : Next we need to add core rule sets so that it can block malicious requests to the web server so here we have owasp rules sets
so now download and use the owasp-modesecurity-core rules set in etc/httpd directory

# wget http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/owasp-modesecurity-crs-2.2.8.tar.gz/fdee278c02d41a1377dc20a616b2f327/owasp-modesecurity-crs-2.2.8.tar.gz



next extract this using tar command as

# tar -xzf owasp-modsecurity-crs-2.2.8.tar.gz

change the name of exracted directory of core rules in simply modsecurity-crs-2.2.8 as

# mv owasp-modsecurity-crs-2.2.8.tar.gz  modsecurity-crs-2.2.8.tar.gz

#cd  modsecurity-crs-2.2.8.tar.gz

now next we need to rename the conf file name modeseurity_crs_10_setup.conf.example to modesecurity_crs_10_setup.conf

# modesecurity_crs_10_setup.conf.example modesecurity_crs_10_setup.conf

next we need to include these core rules in the apache conf file (/etc/httpd/conf/httpd.conf)

#vi /etc/httpd/conf/httpd.conf

add the location of core rules set into config file (modesecurity_crs_10_setup.conf)as well as conf files in base_rule directory under core rule set directory too

<IfModule security2_module>
      include modesecurity-crs-2.2.8/modesecurity_crs_10_setup.conf
      include modesecurity-crs-2.2.8/base_rules/*.conf
</IfModule>



save the configuration file & Next restart the Apache service as

# service httpd restart

done next we need to test it with vulnerable service is it working properly or not so do it yourself :')

0 comments:

Post a Comment