Apache Web Security with ModSecurity [mod_security]

What is ModSecurity?

ModSecurity (mod_security) is essentially an IDS/IPS (Intrusion Detection/Prevention System) for web applications. In this case it is used to secure Apache.

Great documentation can be found over here: ModSecurity Reference

How to set up ModSecurity?

In this case, install it with yum and restart Apache to have it up and running:

yum install mod_security
/etc/init.d/httpd restart

How to configure ModSecurity?

Go to /etc/httpd/conf.d/ and modify the mod_security.conf file.

I just wanted to block some bots, so I added:

  SecRule REQUEST_HEADERS:User-Agent "Ezooms" \
    "id:'300000',phase:2,t:none,log,deny,msg:'Ezooms bot'"

  SecRule REQUEST_HEADERS:User-Agent "YandexBot" \
    "id:'300001',phase:2,t:none,log,deny,msg:'Yandex bot'"

  SecRule REQUEST_HEADERS:User-Agent "AhrefsBot" \
    "id:'300002',phase:2,t:none,log,deny,msg:'Ahrefs bot'"

  SecRule REQUEST_HEADERS:User-Agent "MJ12bot" \
    "id:'300003',phase:2,t:none,log,deny,msg:'MJ12bot'"

  SecRule REQUEST_HEADERS:User-Agent "Turnitin" \
    "id:'300004',phase:2,t:none,log,deny,msg:'Turnitin'"