Installing mod-security on Ubuntu 10.04
Submitted by luca on Sat, 03/09/2011 - 09:06
ModSecurity: Open Source Web Application Firewall is an open source project that aims to secure web applications running on web servers such as Apache, and to block penetration or hacking attempts by inspecting the body of HTTP requests.
These are the steps I followed to install it on my test web server.
Installation:
apt-get install libapache-mod-security
cp -R /usr/share/doc/mod-security-common/examples/rules /etc/apache2/
nano /etc/apache2/conf.d/security
# Append those lines
<IfModule mod_security2.c>
Include /etc/apache2/rules/*.conf
Include /etc/apache2/rules/base_rules/*.conf
</IfModule>
mkdir /etc/apache2/logs/
a2enmod mod-security
/etc/init.d/apache2 restart
Try it:
# disable mod-security, just for test
a2dismod mod-security && /etc/init.d/apache2 restart
echo "<? echo file_get_contents(\$_REQUEST['f']);" > /var/www/test.php
wget -qO- "http://localhost/test.php?f=/etc/passwd"
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
# that's bad! Re-enable mod-security
a2enmod mod-security && /etc/init.d/apache2 restart
wget "http://localhost/test.php?f=/etc/passwd"
HTTP request sent, awaiting response... 403 Forbidden
# finally, remove the test file
rm /var/www/test.php
Done!
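Added example (not part of the original post): a shell helper that makes the manual "Try it" check repeatable, for instance after every rule or Apache change. It classifies the response to the test request as BLOCKED, LEAKED or INCONCLUSIVE; the function names classify_response and check_waf and the use of curl are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: repeatable version of the manual test from this page.
# Assumptions: curl is installed; the URL points at the page's test.php.

# classify_response STATUS BODY
# Prints LEAKED if the body contains root's passwd entry, BLOCKED if the
# server answered 403, INCONCLUSIVE otherwise (e.g. 404: test file missing).
classify_response() {
    # A passwd line has seven colon-separated fields; root has UID/GID 0.
    # The leak check comes first: file content in the body means the
    # request got through, whatever the status code says.
    if printf '%s\n' "$2" | grep -Eq '^root:[^:]*:0:0:[^:]*:[^:]*:[^:]*$'; then
        echo LEAKED
    elif [ "$1" = "403" ]; then
        echo BLOCKED
    else
        echo INCONCLUSIVE
    fi
}

# check_waf URL
# Sends the test request and returns 0 only when it was blocked, so the
# function can be used in a cron job or a post-deploy script.
check_waf() {
    local url="$1" tmp status verdict
    tmp=$(mktemp) || return 2
    # -s: quiet, -o: body to temp file, -w: print only the status code
    status=$(curl -s -o "$tmp" -w '%{http_code}' "$url")
    verdict=$(classify_response "$status" "$(cat "$tmp")")
    rm -f "$tmp"
    echo "$verdict (HTTP $status)"
    [ "$verdict" = "BLOCKED" ]
}

# Usage on the test server, while test.php is still in place:
#   check_waf "http://localhost/test.php?f=/etc/passwd"
```
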
Some useful links:
- Project documentation - http://www.modsecurity.org/documentation/
- Compiling and setup - http://wiki.tkoeppen.com/display/docs/howto+install+mod_security2+with+a...
- Ubuntu tutorial for mod-security and mod-evasive - http://www.linuxlog.org/?p=135
- .htaccess tricks - http://www.askapache.com/htaccess/mod_security-htaccess-tricks.html
- Tutorial for Debian Etch - http://www.howtoforge.com/apache2_mod_security_debian_etch
- Install on Windows XP - http://mewbies.com/how_to_install_mod_security_for_apache_tutorial.htm


Comments
Thanks man worked like charm :-)