Monday, May 12, 2025
How to Install and Configure ModSecurity on Rocky Linux


In today’s world, web applications are constantly under attack, and it is crucial to have a reliable web application firewall (WAF) in place to protect your applications. ModSecurity is an open-source WAF that helps protect your web applications against common attacks such as SQL injection, cross-site scripting (XSS), and local file inclusion (LFI). This guide will walk you through the process of how to install and configure ModSecurity on Rocky Linux.

Table of Contents

  1. Introduction
  2. Prerequisites
  3. Installing Apache
  4. Installing ModSecurity
  5. Configuring ModSecurity
  6. Testing ModSecurity
  7. Conclusion


Introduction

Before diving into the installation and configuration process, let’s first understand what ModSecurity is and why you need it. ModSecurity is a popular open-source WAF designed to protect web applications from various security threats. It operates by analyzing incoming HTTP requests and applying a set of rules to detect and block malicious traffic.

In this tutorial, we will be installing ModSecurity on a Rocky Linux server with Apache as the web server. We will also configure ModSecurity with the OWASP ModSecurity Core Rule Set (CRS), which is a widely used set of rules for ModSecurity.

Prerequisites

Before starting the installation process, make sure you have the following:

  • A Rocky Linux server with root access or a user with sudo privileges
  • A working installation of Apache web server. If you don’t have Apache installed, you can follow our guide on how to install Apache on Rocky Linux
  • A basic understanding of Linux commands and text editors

Installing Apache on Rocky Linux

If you haven’t already installed Apache on your Rocky Linux server, you can do so by running the following commands:

sudo dnf install httpd -y
sudo systemctl enable httpd
sudo systemctl start httpd

This will install Apache, enable it to start on boot, and start the service. Verify that Apache is running by visiting http://your_server_ip in your browser. You should see the default Apache welcome page.

Installing ModSecurity on Rocky Linux

Now that you have Apache installed and running, you can proceed with installing ModSecurity. To do this, run the following command:

sudo dnf install mod_security -y

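This will install ModSecurity along with its dependencies. Once the installation is complete, make sure Apache loads the module. The stock httpd.conf on Rocky Linux already includes every file in conf.modules.d through a wildcard Include, so the module file installed by the package is normally picked up without any change. If your httpd.conf lacks that wildcard, add a line of the following form to your Apache configuration file (/etc/httpd/conf/httpd.conf), using the name the module file actually has in /etc/httpd/conf.modules.d/ on your system, because an Include that points at a missing file stops Apache from starting: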

Include conf.modules.d/00-mod_security.conf

Now, restart Apache for the changes to take effect:

sudo systemctl restart httpd

Configuring ModSecurity on Rocky Linux

After installing ModSecurity, you need to configure it. First, create a backup of the default configuration file:

sudo cp /etc/httpd/conf.d/mod_security.conf /etc/httpd/conf.d/mod_security.conf.bak

Next, open the /etc/httpd/conf.d/mod_security.conf file with your preferred text editor and uncomment the following line:

SecRuleEngine On

This will enable the ModSecurity engine.

Now, you need to configure ModSecurity to use the OWASP CRS. To do this, first download the latest CRS from the official GitHub repository. You can do this by running the following command:

sudo git clone https://github.com/coreruleset/coreruleset.git /etc/nginx/modsecurity/crs

Once the CRS is downloaded, create the CRS setup file by copying the example that ships with it:

sudo cp /etc/nginx/modsecurity/crs/crs-setup.conf.example /etc/nginx/modsecurity/crs/crs-setup.conf

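Now, include the crs-setup.conf file and the rules from the CRS in your ModSecurity configuration file. The file named in this step, /etc/nginx/modsecurity/modsecurity.conf, and the /etc/nginx/modsecurity/crs directory used above follow an Nginx layout; on the Apache setup from the previous sections, the ModSecurity configuration file is /etc/httpd/conf.d/mod_security.conf. Add the following lines at the end of the file: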

Include /etc/nginx/modsecurity/crs/crs-setup.conf
Include /etc/nginx/modsecurity/crs/rules/*.conf

Configure Nginx to use ModSecurity in Linux

This section applies if you serve the site with Nginx and the ModSecurity connector module instead of Apache; the Apache setup from the previous sections does not need it. To make Nginx use ModSecurity, open the Nginx configuration file (usually /etc/nginx/nginx.conf) and add the following lines within the http block:

modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;

This will enable ModSecurity for all requests made to your server. The CRS files do not need modsecurity_rules_file lines of their own: modsecurity.conf already loads crs-setup.conf and rules/*.conf through the Include lines added above, loading them a second time leads to duplicate rule ID errors, and modsecurity_rules_file takes the path of a single file rather than a wildcard. If you want to enable ModSecurity for a specific location only, put the same two directives inside that location block instead of the http block:

location / {
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
}

Save the file and restart Nginx:

sudo systemctl restart nginx

Testing ModSecurity

To ensure that ModSecurity is working correctly, you can test it by triggering a rule from the CRS. To do this, you can use curl to send a request to your server with a specific user agent that is blocked by the CRS.

curl -I -A "Nikto" http://your_server_ip/

If ModSecurity is working correctly, you should see a 403 Forbidden response, indicating that the request was blocked by ModSecurity.

Monitor and Adjust ModSecurity Rules

After you have installed and configured ModSecurity, it’s essential to monitor its performance and make any necessary adjustments to the rules. To do this, you can use tools like Kibana or Logstash to analyze the logs generated by ModSecurity.

By regularly monitoring the logs, you can identify any false positives or negatives and adjust the rules accordingly. This will help ensure that your server remains secure while minimizing the impact on legitimate traffic.
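
A first pass over the log that works without Kibana or Logstash, as an added example (not part of the original tutorial): it groups ModSecurity entries from Apache's error log by rule ID and URI and lists the pairs worth reviewing as possible false positives. The sample lines are constructed, and the review heuristic and its min_clients threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the style of ModSecurity 2.x entries in Apache's error_log.
SAMPLE_LOG = '''\
[Mon May 12 10:15:02 2025] [:error] [client 203.0.113.7:51234] ModSecurity: Warning. Matched phrase "nikto" at REQUEST_HEADERS:User-Agent. [id "913100"] [msg "Found User-Agent associated with security scanner"] [uri "/"]
[Mon May 12 10:15:02 2025] [:error] [client 203.0.113.7:51234] ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/"]
[Mon May 12 10:16:40 2025] [:error] [client 198.51.100.10:40112] ModSecurity: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
[Mon May 12 10:17:05 2025] [:error] [client 198.51.100.11:40977] ModSecurity: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
[Mon May 12 10:19:31 2025] [:error] [client 198.51.100.12:41260] ModSecurity: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
[Mon May 12 10:20:00 2025] [core:error] [client 198.51.100.12:41261] AH00126: Invalid URI in request GET /%zz HTTP/1.1
'''
FIELD = re.compile(r'\[(id|msg|uri) "([^"]*)"\]')
CLIENT = re.compile(r'\[client ([^\]\s]+)\]')
SCORE_RULES = {"949110", "959100"}  # CRS anomaly-score blocking rules, not detections

def parse_line(line):
    """Return {'client', 'id', 'msg', 'uri'} for a ModSecurity entry, else None."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    client = CLIENT.search(line)
    if "id" not in fields or client is None:
        return None
    host = client.group(1)
    # Drop the source port from "ip:port" (IPv4 form only; IPv6 is kept as is).
    fields["client"] = host.rsplit(":", 1)[0] if host.count(":") == 1 else host
    return fields

def summarize(lines):
    """Group hits by (rule id, URI) and record the distinct clients behind them."""
    summary = defaultdict(lambda: {"hits": 0, "clients": set(), "msg": ""})
    for entry in filter(None, map(parse_line, lines)):
        bucket = summary[(entry["id"], entry.get("uri", "-"))]
        bucket["hits"] += 1
        bucket["clients"].add(entry["client"])
        bucket["msg"] = entry.get("msg", "")
    return dict(summary)

def review_candidates(summary, min_clients=3):
    """Heuristic (an assumption of this example): a detection rule hit on one URI by
    several unrelated clients is more likely a false positive than an attack."""
    return sorted(key for key, b in summary.items()
                  if key[0] not in SCORE_RULES and len(b["clients"]) >= min_clients)

if __name__ == "__main__":
    print(review_candidates(summarize(SAMPLE_LOG.splitlines())))
```

A pair flagged here is a starting point for reading the matching requests, not a verdict; confirm against the full audit log entry before changing or excluding a rule.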

Conclusion

In this tutorial, you have learned how to install and configure ModSecurity on Rocky Linux. By using ModSecurity with the OWASP CRS, you can significantly improve the security of your web applications and protect them against a wide range of attacks.

Remember to monitor the performance of ModSecurity and adjust the rules as needed to ensure the best possible security for your server. For additional security measures, consider setting up tools like Fail2Ban.


Copyright © 2023 linuxboost.com All Rights Reserved.
