Last updated at Fri, 20 Apr 2018 15:03:37 GMT
Synopsis
Apache is the most widely used web server in the world, so web server security is a crucial concern for every system administrator. Many tools and techniques are used to secure Apache. Among them, mod_security is one of the most important Apache modules: it provides intrusion detection and prevention for web servers. mod_security is used for real-time web application monitoring, logging, and access control, and it protects the web server from various types of attacks such as XSS, bots, SQL injection, session capture, Trojans, session hijacking and many more.
In this article, we will learn how to install and configure mod_security on an Ubuntu 16.04 server. We will also run some tests against the mod_security module.
System Requirements
- Newly deployed Ubuntu 16.04 server.
- A static IP address 192.168.1.10 is configured on your server.
Update the System
First, update your system packages to the latest stable versions. You can do this with the following commands:
apt-get update -y
apt-get upgrade -y
Install LAMP Server
Before starting, you will need LAMP installed on your server. If it is not installed, you can install it with the following command:
apt-get install apache2 mysql-server php libapache2-mod-php php-mysql php-mcrypt
Once the installation is complete, start the Apache service and enable it to start at boot:
systemctl start apache2
systemctl enable apache2
Install mod_security
By default, mod_security is available in the Ubuntu 16.04 repository. You can install it with the following command:
apt-get install libapache2-modsecurity
Once the installation is complete, you can verify that the module is loaded with the following command:
apachectl -M | grep security
If everything is fine, you should see the following output:
security2_module (shared)
Configure mod_security
By default, mod_security doesn't work because it needs rules to work. First, you will need to rename the example modsecurity.conf-recommended file located in the /etc/modsecurity directory. You can do this with the following command:
mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Next, you will need to enable the mod_security rule engine.
nano /etc/modsecurity/modsecurity.conf
Change the SecRuleEngine line so that it reads:
SecRuleEngine On
Save the file and restart Apache for the changes to take effect.
systemctl restart apache2
By default, mod_security comes with a core rule set (security rules) located in the /usr/share/modsecurity-crs directory, but it is recommended to download the mod_security CRS from the GitHub repository.
First, remove the default CRS with the following command:
rm -rf /usr/share/modsecurity-crs
Next, download the latest version of mod_security CRS with the following command:
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
Next, rename the example setup file with the following command:
cd /usr/share/modsecurity-crs
mv crs-setup.conf.example crs-setup.conf
Next, you will need to enable these rules to get them working with Apache. You can do this by editing the /etc/apache2/mods-enabled/security2.conf file:
nano /etc/apache2/mods-enabled/security2.conf
Change the file as shown below:
SecDataDir /var/cache/modsecurity
IncludeOptional /etc/modsecurity/*.conf
IncludeOptional "/usr/share/modsecurity-crs/*.conf"
IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf"
Save and close the file, then restart the Apache service.
systemctl restart apache2
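The configuration steps above can be verified with a short script. This is an added example, not part of the original article: check_modsec_config and make_sample_tree are hypothetical helper names, the ROOT prefix argument is an assumption that lets the check run against a copy of the files, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: verify the files edited in this tutorial. ROOT is a path
# prefix (an assumption of this example) so a copy can be checked; "" = live.

check_modsec_config() {
    root=$1; rc=0
    conf="$root/etc/modsecurity/modsecurity.conf"
    inc="$root/etc/apache2/mods-enabled/security2.conf"
    crs="$root/usr/share/modsecurity-crs"
    # Value of the last uncommented SecRuleEngine line in modsecurity.conf.
    mode=$(sed -n 's/^[[:space:]]*SecRuleEngine[[:space:]][[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "$conf" 2>/dev/null | tail -n 1)
    case $mode in
        [Oo][Nn]) ;;
        *) echo "FAIL: SecRuleEngine is '${mode:-unset}', nothing is blocked"; rc=1 ;;
    esac
    [ -f "$crs/crs-setup.conf" ] || { echo "FAIL: $crs/crs-setup.conf missing"; rc=1; }

    # Both CRS locations must be included, each with balanced double quotes.
    for pat in '/usr/share/modsecurity-crs/*.conf' \
               '/usr/share/modsecurity-crs/rules/*.conf'; do
        line=$(grep -v '^[[:space:]]*#' "$inc" 2>/dev/null | grep -F -- "$pat" | head -n 1)
        quotes=$(printf '%s' "$line" | tr -cd '"' | wc -c)
        if [ -z "$line" ]; then
            echo "FAIL: no Include for $pat"; rc=1
        elif [ $((quotes % 2)) -ne 0 ]; then
            echo "FAIL: unbalanced quote in: $line"; rc=1
        fi
    done
    return "$rc"
}

# Build a constructed sample tree under $1 with SecRuleEngine set to $2.
make_sample_tree() {
    mkdir -p "$1/etc/modsecurity" "$1/etc/apache2/mods-enabled" \
             "$1/usr/share/modsecurity-crs/rules"
    echo "SecRuleEngine $2" > "$1/etc/modsecurity/modsecurity.conf"
    : > "$1/usr/share/modsecurity-crs/crs-setup.conf"
    cat > "$1/etc/apache2/mods-enabled/security2.conf" <<'EOF'
SecDataDir /var/cache/modsecurity
IncludeOptional /etc/modsecurity/*.conf
IncludeOptional "/usr/share/modsecurity-crs/*.conf"
IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf"
EOF
}

tmp=$(mktemp -d) && make_sample_tree "$tmp" DetectionOnly
check_modsec_config "$tmp" || echo "sample tree needs fixing"
rm -rf "$tmp"
```

On the server itself, call check_modsec_config "" as root after restarting Apache.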
Test mod_security
Once everything is configured properly, we will test mod_security by sending some malicious requests to the Apache web server and checking whether the requests are blocked.
First, we will test how mod_security protects the Apache web server from an XSS attack.
On the remote machine, run the following command to test the XSS attack:
curl 'http://192.168.1.10/?q="><script>alert(1)</script>'
You should see a 403 Forbidden response, as in the following output:
403 Forbidden
Forbidden
You don't have permission to access / on this server.
Apache/2.4.18 (Ubuntu) Server at 192.168.1.10 Port 80
Next, we will test mod_security against a SQL injection attack with the following command:
curl "http://192.168.1.10/?q='1 OR 1=1"
You should get a 403 Forbidden response, as shown in the following output:
403 Forbidden
Forbidden
You don't have permission to access / on this server.
Apache/2.4.18 (Ubuntu) Server at 192.168.1.10 Port 80
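To confirm that a 403 came from mod_security and to see which rules matched, read the Apache error log (/var/log/apache2/error.log on Ubuntu). The script below is an added example, not part of the original article: it joins each "Access denied" entry with the "Warning" entries that share its unique_id. The function names are hypothetical and the log lines are constructed and abridged.

```shell
#!/bin/sh
# Added example: explain each mod_security block found in an Apache error log.

# One line per denied request: "client status blocking_rule_id unique_id".
modsec_denials() {
    grep -F 'ModSecurity: Access denied' "$1" | sed -n \
        's/.*\[client \([^]]*\)] ModSecurity: Access denied with code \([0-9]*\).*\[id "\([0-9]*\)"].*\[unique_id "\([^"]*\)"].*/\1 \2 \3 \4/p'
}

# Ids of the rules that logged a Warning for one unique_id, space separated.
modsec_matched_rules() {
    grep -F 'ModSecurity: Warning' "$1" | grep -F "[unique_id \"$2\"]" |
        sed -n 's/.*\[id "\([0-9]*\)"].*/\1/p' | sort -u | paste -sd ' ' -
}

# Join each denial with the rules that raised the anomaly score.
modsec_report() {
    modsec_denials "$1" | while read -r client code rule uid; do
        printf '%s got %s from rule %s; matched rules: %s\n' \
            "$client" "$code" "$rule" "$(modsec_matched_rules "$1" "$uid")"
    done
}

# Constructed, abridged sample lines (not captured from a real server).
write_sample_log() {
    cat > "$1" <<'EOF'
[Fri Apr 20 15:01:02.000001 2018] [:error] [pid 1201] [client 192.168.1.20:40122] [client 192.168.1.20] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [id "920350"] [msg "Host header is a numeric IP address"] [uri "/"] [unique_id "SAMPLE-XSS-0001"]
[Fri Apr 20 15:01:02.000002 2018] [:error] [pid 1201] [client 192.168.1.20:40122] [client 192.168.1.20] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [uri "/"] [unique_id "SAMPLE-XSS-0001"]
[Fri Apr 20 15:01:02.000003 2018] [:error] [pid 1201] [client 192.168.1.20:40122] [client 192.168.1.20] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/"] [unique_id "SAMPLE-XSS-0001"]
[Fri Apr 20 15:02:10.000001 2018] [authz_core:error] [pid 1201] [client 192.168.1.20:40130] AH01630: client denied by server configuration: /var/www/html/private
[Fri Apr 20 15:03:30.000001 2018] [:error] [pid 1202] [client 192.168.1.20:40144] [client 192.168.1.20] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [id "920350"] [msg "Host header is a numeric IP address"] [uri "/"] [unique_id "SAMPLE-SQLI-0002"]
[Fri Apr 20 15:03:30.000002 2018] [:error] [pid 1202] [client 192.168.1.20:40144] [client 192.168.1.20] ModSecurity: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/"] [unique_id "SAMPLE-SQLI-0002"]
[Fri Apr 20 15:03:30.000003 2018] [:error] [pid 1202] [client 192.168.1.20:40144] [client 192.168.1.20] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/"] [unique_id "SAMPLE-SQLI-0002"]
EOF
}

if [ -n "${1:-}" ]; then
    modsec_report "$1"                  # e.g. /var/log/apache2/error.log
else
    sample=$(mktemp); write_sample_log "$sample"
    modsec_report "$sample"; rm -f "$sample"
fi
```

The AH01630 line in the sample is a 403 issued by Apache's own access control, so it is deliberately left out of the report.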