$ Sudo Apt-Get Install Apache2
ModSecurity, also known as Modsec, is a robust open-source firewall application for the Apache
web server. A firewall is a utility that protects a network or a software application from abuse
and unauthorized access by filtering requests.
Modsec adds security features for HTTP (Hypertext Transfer Protocol) traffic. Since it is free to use,
it has been widely adopted for monitoring, logging and filtering requests on Apache web
servers.
The utility has been a success in fighting common vulnerabilities using the OWASP
ModSecurity Core Rule Set.
This guide explains the steps of setting up and securing the Apache web server with
ModSecurity on Ubuntu 16.04.
Install Apache
Apache must be installed.
Beforehand, test the malicious script below; the script will execute (see the screenshot
below).
http://127.0.0.1/index.html?exec=/bin/bash
Step 1: Installing Apache Web server
First, install Apache if it is not already installed on the Ubuntu 16.04 server. Start by updating the
Ubuntu package index.
Restart Apache
$ sudo service apache2 restart
security2_module (shared)
$ sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Then, edit the file that you have copied using the nano or gedit editor and set the
SecRuleEngine directive to On:
SecRuleEngine On
ModSecurity has a default rule set located in the /usr/share/modsecurity-crs directory. However,
it is always recommended to download the rule set from GitHub:
Then, download the new rule set from GitHub using the command below:
Copy the sample configuration file from the downloaded rules using the command below:
To get these rules working on Apache, you should edit the
/etc/apache2/mods-enabled/security2.conf file using the gedit editor and add the following lines:
IncludeOptional /usr/share/modsecurity-crs/*.conf
IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf"
Restart Apache:
$ sudo systemctl restart apache2
Now try to execute a malicious script in a browser and see whether the ModSecurity rules are
triggered. Enter the URL below in a browser. Remember to replace the IP address with the
public IP address or domain name of your server.
http://127.0.0.1/index.html?exec=/bin/bash
Forbidden: You don't have permission to access / on this server. Apache/2.4.29 (Ubuntu)
Server at 127.0.0.1 Port 80
See the screenshot below.
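A way to confirm the two configuration edits from this guide before relying on the browser test (an added example, not part of the original guide; the function names are hypothetical). It reports whether SecRuleEngine is set to On and whether both IncludeOptional lines are present; `probe_blocked` assumes curl is installed and Apache is running.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the two files edited above.
# Usage: audit_modsec /etc/modsecurity/modsecurity.conf \
#                     /etc/apache2/mods-enabled/security2.conf

# Print the last effective value of a directive, lowercased; comments skipped.
directive_value() {  # $1=file $2=directive
    awk -v d="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(d) { v = tolower($2) }
        END { print v }' "$1"
}

# Succeed if the file has an uncommented "IncludeOptional <pattern>" line.
has_include() {  # $1=file $2=path pattern (compared literally, quotes ignored)
    awk -v p="$2" '
        $1 ~ /^#/ { next }
        { gsub(/"/, "") }
        $1 == "IncludeOptional" && $2 == p { found = 1 }
        END { exit !found }' "$1"
}

# Print one finding per line; return 0 only when every check passes.
audit_modsec() {  # $1=modsecurity.conf $2=security2.conf
    rc=0
    engine=$(directive_value "$1" SecRuleEngine)
    case "$engine" in
        on) echo "OK   SecRuleEngine On: matching requests are blocked" ;;
        detectiononly)
            echo "FAIL SecRuleEngine DetectionOnly: rules log but never block"
            rc=1 ;;
        *)  echo "FAIL SecRuleEngine is '${engine:-unset}'"; rc=1 ;;
    esac
    for pat in '/usr/share/modsecurity-crs/*.conf' \
               '/usr/share/modsecurity-crs/rules/*.conf'; do
        if has_include "$2" "$pat"; then
            echo "OK   IncludeOptional $pat"
        else
            echo "FAIL missing IncludeOptional $pat"; rc=1
        fi
    done
    return "$rc"
}

# Live check: the guide's test URL should answer 403 once the rules load.
probe_blocked() {  # $1=URL, e.g. 'http://127.0.0.1/index.html?exec=/bin/bash'
    [ "$(curl -s -o /dev/null -w '%{http_code}' "$1")" = "403" ]
}
```

The copied modsecurity.conf-recommended file ships with SecRuleEngine set to DetectionOnly, which is the case the audit flags when the edit was skipped.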
Conclusion
The Apache web server is now protected from malicious attackers. Note that ModSecurity protects
against many known attacks, including SQL injection. The module is a great addition to your
arsenal when it comes to hardening your web server against hackers.