ModSecurity : ModSecurity is an open source web application firewall. Working embedded in the web server, or standalone as a network appliance, it detects and prevents attacks against web applications.

In order to use mod_security, you need to turn on EPEL repo under CentOS / RHEL Linux.

RHEL 5.x / CentOS 5.x Users

Type the following command as root user to install repo:

# rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

RHEL 6.x / CentOS 6.x Users

Type the following command as root user to install repo:

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

Once repo is turned on, type the following command to install ModSecurity:

# yum install mod_security

mod_security configuration files

• /etc/httpd/conf.d/mod_security.conf – main configuration file for the mod_security Apache module.
• /etc/httpd/modsecurity.d/ – all other configuration files for the mod_security Apache.
• /var/log/httpd/modsec_debug.log – Use debug messages for debugging mod_security rules and other problems.
• /var/log/httpd/modsec_audit.log – All requests that trigger a ModSecurity events or a serer error are logged are logged into this file.

Make sure SecRuleEngine set to “On” to protect webserver for the attacks:

SecRuleEngine On

Turn on other required options and policies as per your requirements. Finally, restart httpd:

# service httpd restart

Make sure everything is working:

# tail -f /var/log/httpd/error_log