Install and Configure mod_security and mod_evasive
In one of our earlier articles (Web Server Security (Apache or HTTPD) Part 2) we mentioned two important modules that help protect a web server. There we learned that these two modules help protect the server from brute force and DDoS attacks. They also help protect the server from several other attacks, such as defacement attacks (SQL injection), cross-site scripting and many more.
Because these two modules help mitigate these kinds of attacks and make the server more secure, we will discuss how to secure a website using them.
First we need to install the two modules. Before installing, we should make sure the server is fully updated. If it is not, run the following command to update it.
# yum update -y
Once the update is done, we have to install the EPEL repository so that we can install the two modules.
# rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
Now let’s install both modules on our server. To do so, run the command below.
# yum --enablerepo=epel install mod_security mod_evasive
Now run the below commands to check if both of them are installed properly.
# httpd -M | grep evasive; httpd -M | grep security
The commands above should print the following two lines.
evasive20_module (shared)
security2_module (shared)
After these two checks we need to configure both modules and integrate them with the Apache web server.
Now we have to download the core rule set, store it in a suitable place and point the modules at the core rule set directory. To do so, let’s create a directory to store the core rule set.
# mkdir /etc/httpd/corerules
Now let’s download the core rule set using below command.
# wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
Now we have to uncompress the file.
# tar -xvf master
From the extracted directory we need to move the contents to our target directory.
# mv SpiderLabs-owasp-modsecurity-crs-*/* /etc/httpd/corerules/
In the target directory we will find a file named modsecurity_crs_10_setup.conf.example. We have to rename this file to modsecurity_crs_10_setup.conf. So run the below command.
# mv /etc/httpd/corerules/modsecurity_crs_10_setup.conf.example /etc/httpd/corerules/modsecurity_crs_10_setup.conf
Once this part is done, we need to work on the Apache configuration and make sure everything is working properly. For that we have to open the configuration file and add a few lines to it.
# vim /etc/httpd/conf/httpd.conf
Add the following lines to this file.
<IfModule security2_module>
Include /etc/httpd/corerules/modsecurity_crs_10_setup.conf
Include /etc/httpd/corerules/base_rules/*.conf
</IfModule>
Now restart the apache server.
#systemctl restart httpd.service
Now let’s check that the modules are included properly and that their configuration files are in place.
Now go to the conf.d directory and check that each of the two modules has its own file there.
# cd /etc/httpd/conf.d/
# ls -l
We will see two names like below
mod_security.conf
mod_evasive.conf
Now read these two files; we will find the following lines in them.
LoadModule evasive20_module modules/mod_evasive24.so
LoadModule security2_module modules/mod_security2.so
Once this check is done then we need to configure both security and evasive files.
This is the last touch to configure both the modules.
So let’s open the file inside the conf.d directory.
#vim /etc/httpd/conf.d/mod_security.conf
Add the below lines and save the file.
<IfModule mod_security2.c>
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream
SecDataDir /tmp
</IfModule>
Now exit the file and restart apache server.
#systemctl restart httpd.service
Now open the mod_evasive.conf file and let’s edit this file to our desired configuration.
# vim /etc/httpd/conf.d/mod_evasive.conf
Now add the following lines in this file and save this file.
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify (your email address)
</IfModule>
Once this is done we have to exit the file and restart apache server.
#systemctl restart httpd.service
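The check below is an added example, not part of the original article: it flags Include paths that match no file (for instance when the rules were moved into one directory but httpd.conf points at another) and reports the SecRuleEngine mode. The function names and the demo tree are constructed for illustration, and /etc/httpd is assumed as the server root.

```shell
#!/bin/sh
# Added example, not from the original article. Helper names are hypothetical.

# Print each Include/IncludeOptional path in config $1 that matches no file.
# Relative paths resolve against $2 (assumed ServerRoot, default /etc/httpd).
# Returns 1 if any path is missing. Paths containing spaces are not handled.
check_includes() {
    conf=$1 root=${2:-/etc/httpd} missing=0
    patterns=$(awk -v root="$root" '
        tolower($1) ~ /^include(optional)?$/ {
            p = $2; gsub(/"/, "", p)
            if (p !~ /^\//) p = root "/" p
            print p
        }' "$conf")
    # Unquoted on purpose: the shell expands each glob, and a pattern with
    # no match stays literal and fails the -e test.
    for f in $patterns; do
        [ -e "$f" ] || { echo "no file matches: $f"; missing=1; }
    done
    return "$missing"
}

# Print the last SecRuleEngine value in config $1, or "unset" if absent.
# On blocks requests; DetectionOnly only logs; Off disables the engine.
rule_engine_mode() {
    awk 'tolower($1) == "secruleengine" { mode = $2 }
         END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Constructed demo: rules stored under corerules/, second Include points at crs/.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/corerules/base_rules"
    : > "$d/corerules/modsecurity_crs_10_setup.conf"
    : > "$d/corerules/base_rules/sample.conf"
    cat > "$d/httpd.conf" <<EOF
<IfModule security2_module>
Include $d/corerules/modsecurity_crs_10_setup.conf
Include $d/crs/base_rules/*.conf
SecRuleEngine DetectionOnly
</IfModule>
EOF
    check_includes "$d/httpd.conf" "$d" || echo "Include paths need fixing"
    echo "SecRuleEngine: $(rule_engine_mode "$d/httpd.conf")"
    rm -rf "$d"
}
demo
```

On the server, call check_includes /etc/httpd/conf/httpd.conf and rule_engine_mode /etc/httpd/conf.d/mod_security.conf before restarting Apache.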
The whole process ends here. In our next article we will discuss more security aspects.