ModSecurity is an open-source web application firewall that monitors incoming requests to a web server in real time. Using the rulesets you add, it protects web applications against attacks such as session hijacking, SQL injection, and cross-site scripting. It is supported on web servers such as Apache, Nginx, and IIS.

Please refer to the following steps to install ModSecurity on AlmaLinux (8.x and 9.x):

Step 1: First, run the following command to update the software repository:

# sudo dnf update -y

Step 2: Install ModSecurity using the command given below: 

# sudo dnf install httpd mod_security -y

Step 3: You can check the ModSecurity version with this command:

# sudo dnf info mod_security

Configure ModSecurity

After the installation, configure ModSecurity to detect and log any suspicious activity.

Step 1: We will copy the default ModSecurity config file to a new file.

# sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Step 2: Open the modsecurity.conf file in your preferred editor.

# sudo vi /etc/modsecurity/modsecurity.conf

Step 3: At the top of the file, locate SecRuleEngine DetectionOnly and change it to SecRuleEngine On.

Step 4: Save your changes to the modsecurity.conf file.

Step 5: Enable and restart the Apache service on your server.

# sudo systemctl enable httpd
# sudo systemctl restart httpd

How to Download OWASP Core Rule Set

We can download the latest ModSecurity core ruleset (CRS) from the Open Web Application Security Project (OWASP) at CoreRuleSet.org to ensure that we have the latest ModSecurity rules.

Step 1: Run the following command to install Git:

# sudo dnf install git -y

Step 2: Clone a copy of the CRS from GitHub using these commands:

# cd /etc/modsecurity/
# sudo git clone https://github.com/coreruleset/coreruleset.git
# cd coreruleset

Step 3: Copy the example CRS setup file to crs-setup.conf (the rules themselves are already in the cloned rules/ directory):

# sudo cp crs-setup.conf.example crs-setup.conf

Step 4: Update the Apache configuration to include the CRS rules. Create the file if it does not exist:

# sudo nano /etc/httpd/conf.d/mod_security.conf

Add the following lines to the file:

<IfModule security2_module>
    IncludeOptional /etc/modsecurity/modsecurity.conf
    Include /etc/modsecurity/coreruleset/crs-setup.conf
    Include /etc/modsecurity/coreruleset/rules/*.conf
</IfModule>

Step 5: Restart the Apache service with this command:

# sudo systemctl restart httpd
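
To confirm the two edits made in this guide, the following added example (not part of the original guide) checks a modsecurity.conf for the effective SecRuleEngine value and an Apache include file for the CRS include order. The function names and the sample file contents are assumptions constructed for illustration; point audit_modsec at your real files to check them.

```shell
#!/bin/sh
# Added example (not from the original guide): static checks for the two
# files edited above. Sample contents below are constructed for the demo.

# Print the value of the last active SecRuleEngine directive in a file.
# Commented-out lines are skipped; a later directive overrides an earlier one.
effective_rule_engine() {
    awk '$1 == "SecRuleEngine" { v = $2 }
         END { if (v == "") exit 1; print v }' "$1"
}

# Succeed only if crs-setup.conf is included before the rules/*.conf glob.
crs_include_order_ok() {
    awk '$1 ~ /^Include(Optional)?$/ && $2 ~ /crs-setup\.conf$/ && !s { s = NR }
         $1 ~ /^Include(Optional)?$/ && $2 ~ /rules\/\*\.conf$/ && !r { r = NR }
         END { exit !(s && r && s < r) }' "$1"
}

# Report on both files; return non-zero if either check fails.
audit_modsec() {
    rc=0
    mode=$(effective_rule_engine "$1") || mode="(not set)"
    if [ "$mode" = "On" ]; then
        echo "OK:   SecRuleEngine is On (blocking)"
    else
        echo "FAIL: SecRuleEngine is $mode; matching requests are not blocked"; rc=1
    fi
    if crs_include_order_ok "$2"; then
        echo "OK:   crs-setup.conf is included before rules/*.conf"
    else
        echo "FAIL: crs-setup.conf missing or included after rules/*.conf"; rc=1
    fi
    return $rc
}

# Constructed sample: the recommended file as shipped, before Step 3's edit.
demo=$(mktemp -d)
printf '%s\n' '# SecRuleEngine On' 'SecRuleEngine DetectionOnly' > "$demo/modsecurity.conf"
printf '%s\n' '<IfModule security2_module>' \
    'IncludeOptional /etc/modsecurity/modsecurity.conf' \
    'Include /etc/modsecurity/coreruleset/crs-setup.conf' \
    'Include /etc/modsecurity/coreruleset/rules/*.conf' \
    '</IfModule>' > "$demo/mod_security.conf"
audit_modsec "$demo/modsecurity.conf" "$demo/mod_security.conf" || true
```

On the constructed sample the first check fails because the file still says DetectionOnly, which logs matches without blocking them.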