knackforge knackforge
+1 903 266 1070
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
post
page
blog-banner

knackforge

July 1, 2017

How to Install Apache Security Module in Amazon Linux AMI

  • AMAZON LINUX AMI
  • Apache
  • LINUX SERVER
  • MOD SECURITY

Apache mod_security is a firewall module to prevent SQL Injection, cross-site scripting, bad user agents, and a lot of other exploits. 

Depending on the Amazon Linux AMI version you may have to issue one of the below commands on a trial & error basis.

sudo yum install mod24_security.x86_64

or
 

sudo yum install mod_security --enablerepo=epel

Once the package manager has installed the necessary packages we need to configure mod security as appropriate for the web application.

Below is the essential conf file for mod security, 

/etc/httpd/conf.d/mod_security.conf

The parameters we would essentially deal with are,

SecRuleEngine DetectionOnly
SecRequestBodyAccess On

The "DetectionOnly" says Apache not to block any requests which may be valid in the context of your application instead log the suspicious requests to error.log.

It is recommended to run the application in "DetectionOnly" mode for a couple of days or so to avoid the false negative. For instance, in Drupal 7 some administrative pages (Panel Edit) & Views AJAX pager stopped working when "SecRuleEngine" to "ON". 

Once the error log is reviewed & parameters are tweaked to meet the application needed SecRuleEngine can be changed On.

SecRuleEngine On

Mod security relies on a set of parameters and rules to gauze a request as genuine or malicious. The following steps would help us place the rule in place,
 

cd /etc/httpd/modsecurity.d

sudo wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.0/master.zip

sudo unzip master.zip

sudo mv owasp-modsecurity-crs-3.0-master modsecurity-crs

cd /etc/httpd/modsecurity.d/modsecurity-crs

sudo cp crs-setup.conf.example crs-setup.conf


Add the following line to your httpd.conf. You can alternatively place these in any config file included by Httpd:

cd /etc/httpd/conf.d

sudo vim mod_security.conf

Add the following lines,

IncludeOptional modsecurity.d/*.conf
IncludeOptional modsecurity.d/activated_rules/*.conf
IncludeOptional modsecurity.d/local_rules/*.conf

Restart the web server and ensure it starts without errors.

sudo service httpd restart

Make sure your websites are still running fine.

Get awesome tech content in your inbox

Similar Blogs

How To Protect Apache Solr Admin Console

knackforge

March 19, 2012

Apache Solr Admin If you are using the default start.jar that comes along with Apache Solr, to ...

Fix Chkconfig Command Not Found

Jojodae Ganesh Sivaji

April 13, 2012

Chkconfig: command not found It happened in one of the servers we maintain, chkconfig was install...

Similar Blogs

How To Protect Apache Solr Admin Console

knackforge

March 19, 2012

Apache Solr Admin If you are using the default start.jar that comes along with Apache Solr, to ...

Fix Chkconfig Command Not Found

Jojodae Ganesh Sivaji

April 13, 2012

Chkconfig: command not found It happened in one of the servers we maintain, chkconfig was install...

Ready to get started?

We'd love to talk about how we can work together

AWS CLOUDCOST

Take control of your AWS cloud costs that enables you to grow!