LinuxPizza

Modsecurity is an open-source Web Application Firewall for the modern webserver such as Apache and Nginx. In this short guide we are going to install Modsecurity for Apache on Debian 10, enable it and add additional rules.

Installation of the Modsecurity module

The installation is very simple:

root@debian:~# apt install libapache2-mod-security2 -y

Great, now we just have to activate the module. It is currently running in “Detection Mode” which means that is will only log attempts and not perform any blocking. This can be useful for testing.

cd /etc/modsecurity/
mv modsecurity.conf-recommended modsecurity.conf
sed -i -e s/"SecRuleEngine DetectionOnly"/"SecRuleEngine On"/g modsecurity.conf

That's about it! If you want to run mod_security2 with the recommended ruleset including the ones from OWASP top 10 – you are now done! You only need to restart apache:

systemctl apache2 restart

Done! Simple and easy!