Configuring Mod Security (Web Application Firewall)

ModSecurity is an Apache web server module that provides a web application firewall engine. This article is a short guide for configuring mod_security vs apache2 which reverses proxy to application that uses https protocol. So the steps are:


sudo apt-get -y install libapache-mod-security

make a file “/etc/apache2/conf.d/modsecurity2.conf”. In this one can enable filters which make possible to prevent exploitation of known, or new unpublished vulnerabilities.

<ifmodule mod_security2.c>
Include conf.d/modsecurity/*.conf

add rules (example):

sudo mkdir /etc/apache2/conf.d/modsecurity
sudo cp /usr/share/doc/libapache-mod-security/examples/rules/*.conf /etc/apache2/conf.d/modsecurity/

Note: refer to ModSecurity documentation for enabling rules you need

enable mod_security

sudo a2enmod mod-security

  • Configuring ssl with mod_proxy and mod_rewrite:

Enable ssl, mod_proxy, mod_rewrite and proxy_http:

sudo a2enmod mod_name

Write the following contents in httpd.conf:

<VirtualHost _default_:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /keys/key.crt
SSLCertificateKeyFile /keys/key.key
ProxyPass /site https://localhost:8183/site
RewriteEngine on
RewriteRule ^site/(.*) https://localhost:8183/site$1 [P,L]

Also, do not forget edit proxy.conf :

AddDefaultCharset off
Order deny,allow
Deny from all
Allow from IP_ADDRESS or all

restart apache:

sudo /etc/init.d/apache2 restart