Menu

Thursday, 6 May 2021

How to install opensource mod_security on Apache 2.4

 Step 1: Download the mod_security  binaries 

https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.1/modsecurity-2.9.1.tar.gz

 Or 

https://src.fedoraproject.org/lookaside/pkgs/mod_security/


Step 2: tar -zxvf modsecurity-2.9.1.tar.gz

 

Step 3: cd modsecurity-2.9.1

 

Step 4: Run below commands:

            ./configure --with-apxs=$Apache_Home/bin/apxs

make

make install

 

 Step 5: Add/Enable module in httpd.conf file.

LoadModule unique_id_module modules/mod_unique_id.so

LoadModule security2_module modules/mod_security2.so

 

 Step 6: for version disclosed add below parameters in httpd.conf

           ########################################

Header unset Server

Header unset Etag

ServerTokens Prod

ServerSignature off

Header always unset "X-Powered-By"

Header unset "X-Powered-By"

 

<IfModule security2_module>

    SecRuleEngine Off

    ServerTokens Full

    SecServerSignature " "

</IfModule>

#########################################

 Thanks :-)

 How to install opensource mod_security on Apahce 2.4

No comments:

Post a Comment