mod_security setup on CentOS 5.4
Enable the EPEL repository.
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
Install via yum.
yum install mod_security
This will load your basic mod_security configuration including the core rules.
Next I had to set SecDataDir in the config. This was not initially set, and errors of the following form appeared in the log file:
ModSecurity: Unable to retrieve collection (name "", key " "). Use SecDataDir to define data directory first.
I fixed this by setting SecDataDir in the config and creating a directory for it, making sure to give apache permission to use it.
vim /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
( Added SecDataDir /usr/local/apache/modsec_data )
mkdir /usr/local/apache
mkdir /usr/local/apache/modsec_data
chown apache:apache /usr/local/apache/modsec_data
chown apache:apache /usr/local/apache
After a restart, ModSecurity successfully began applying rules, but rather than blocking problem requests (my intention) it merely logged warnings. I changed SecDefaultAction in /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf from
SecDefaultAction "phase:2,pass"
to
SecDefaultAction "phase:2,deny,log,status:403"
vim /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
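As an added example (not part of the original post), the shell functions below audit a ModSecurity config file for the two problems hit above: a missing or unusable SecDataDir, and a SecDefaultAction that passes instead of denying. The function names, messages and the sample config are constructed for illustration.

```shell
# Added example: audit a ModSecurity config for the two problems described above.
# Function names, messages and the sample config are hypothetical/constructed.

# Print the arguments of the last active (uncommented) occurrence of a directive.
modsec_directive() {  # usage: modsec_directive NAME FILE
    awk -v name="$1" '
        /^[ \t]*#/ { next }    # skip comment lines
        $1 == name { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { gsub(/"/, "", val); print val }' "$2"
}

# Print one finding per line; return 0 only when nothing was found.
# -w tests the current user, so run this as the web server account (apache).
audit_modsec_conf() {  # usage: audit_modsec_conf FILE
    conf=$1 rc=0
    dir=$(modsec_directive SecDataDir "$conf")
    if [ -z "$dir" ]; then
        echo "SecDataDir: not set (collections cannot be stored)"; rc=1
    elif [ ! -d "$dir" ]; then
        echo "SecDataDir: $dir does not exist"; rc=1
    elif [ ! -w "$dir" ]; then
        echo "SecDataDir: $dir is not writable by $(id -un)"; rc=1
    fi
    action=$(modsec_directive SecDefaultAction "$conf")
    case ",$action," in
        ,,)       echo "SecDefaultAction: not set"; rc=1 ;;
        *,deny,*) ;;  # matching requests are blocked
        *,pass,*) echo "SecDefaultAction: pass (matches are only logged)"; rc=1 ;;
        *)        echo "SecDefaultAction: no deny in \"$action\""; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the config as it stood before the fixes above.
modsec_audit_demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# SecDataDir not configured yet' \
        'SecDefaultAction "phase:2,pass"' > "$tmp/before.conf"
    audit_modsec_conf "$tmp/before.conf" || echo "=> config needs fixing"
    rm -rf "$tmp"
}
modsec_audit_demo
```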