Hi,
ModSecurity™ is a web application firewall engine that provides protection from XSS attacks as well as SQL injection attacks.
Before starting the configuration please make sure you have git installed, if you don't have installed it on your server, install it via the following command:
For Ubuntu:
apt-get install git
For CentOS:
yum install git
Follow the steps below to configure it:
- First, download the rules required for the ModSecurity™ configuration from the following repository:
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
- Navigate into the downloaded directory. Rename crs-setup.conf.example to crs-setup.conf. Then move the rules/ directory as well as the crs-setup.conf file to the Apache configuration directory.
cd owasp-modsecurity-crs
mv crs-setup.conf.example crs-setup.conf
mv crs-setup.conf /usr/local/apps/apache/etc/conf.d/
mv rules/ /usr/local/apps/apache/etc/conf.d/
- Create a file named security.conf in the Apache configuration directory (/usr/local/apps/apache/etc/conf.d/) and add the following content:
LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
<IfModule security2_module>
    SecDataDir /var/cache/modsecurity
    # crs-setup.conf must be loaded before the rule files; the rules read the
    # settings (paranoia level, anomaly thresholds) it defines
    Include /usr/local/apps/apache/etc/conf.d/crs-setup.conf
    Include /usr/local/apps/apache/etc/conf.d/rules/*.conf
</IfModule>
- Finally, create a configuration file named mod_security.conf in the Apache configuration directory (/usr/local/apps/apache/etc/conf.d/) for the module itself, and add the following content to the file:
Content for mod_security.conf
- Now restart Apache to load all the configuration files using the following command:
service httpd restart
Test the setup by opening the following URL in a browser (replace your-domain with your own domain):
http://your-domain/?q="><script>alert(1)</script>
You should see a 403 Forbidden response displayed by the browser.
Note: Please make sure you have index.php or index.html in the root directory of your domain.
403 Forbidden
Forbidden
You don't have permission to access / on this server.
Apache Server at {YOUR_IP} Port 80
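As an added example, not part of the original post, here is a small shell script with the post-install checks for the setup above: an Apache syntax check before restarting, the 403 probe from the post next to a benign request (so you also notice if legitimate traffic is being blocked), and a parser that pulls the CRS rule ids that fired out of ModSecurity's error-log lines. The ERROR_LOG path, the host name passed to run_checks and the sample log lines are assumptions/constructed, not taken from the post.

```shell
#!/bin/sh
# Added example, not from the post: post-install checks for the ModSecurity + CRS
# setup above. ERROR_LOG and the host name passed in are assumptions.
set -e
ERROR_LOG="${ERROR_LOG:-/usr/local/apps/apache/logs/error_log}"

# Apache must accept the configuration before it is restarted; a bad Include
# path in security.conf would otherwise leave httpd down.
config_ok() { apachectl -t >/dev/null 2>&1; }

# HTTP status code for a URL, body discarded.
http_status() { curl -s -o /dev/null -w '%{http_code}' "$1"; }

# A benign request must still pass (no false positive on the front page) and the
# probe from the post, URL-encoded here, must be answered with 403.
smoke_test() {
  host="$1"
  [ "$(http_status "http://$host/")" = "200" ] || { echo "benign request was not 200"; return 1; }
  [ "$(http_status "http://$host/?q=%22%3E%3Cscript%3Ealert(1)%3C/script%3E")" = "403" ] \
    || { echo "probe was not blocked"; return 1; }
}

# Pull the CRS rule ids out of ModSecurity error-log lines ([id "941100"] tags);
# unrelated Apache errors in the same log are skipped.
crs_rule_ids() {
  grep 'ModSecurity:' "$1" | grep -o 'id "[0-9][0-9]*"' | grep -o '[0-9][0-9]*' | sort -u
}

# Constructed sample in the ModSecurity 2.x log format, as left behind by the 403 test.
sample_log() {
  cat <<'EOF'
[Mon Jan 01 10:00:00 2018] [:error] [pid 1234] [client 203.0.113.5] ModSecurity: Warning. detected XSS using libinjection. [file "/usr/local/apps/apache/etc/conf.d/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] [uri "/"]
[Mon Jan 01 10:00:00 2018] [:error] [pid 1234] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/local/apps/apache/etc/conf.d/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [uri "/"]
[Mon Jan 01 10:00:01 2018] [:error] [pid 1234] [client 203.0.113.5] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex
EOF
}

# Rule ids found in the constructed sample, space separated (runs offline).
sample_rule_ids() {
  tmp=$(mktemp); sample_log > "$tmp"
  crs_rule_ids "$tmp" | tr '\n' ' '
  rm -f "$tmp"
}

# Full check against a live server: run_checks your-domain
run_checks() {
  config_ok || { echo "apachectl -t failed; fix the configuration before restarting"; return 1; }
  smoke_test "$1"
  echo "CRS rules that fired (from $ERROR_LOG):"; crs_rule_ids "$ERROR_LOG"
}
```

Source the file and call run_checks with your domain after the restart; sample_rule_ids shows the parser on the constructed lines without touching a server.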