
Thursday 19 May 2016

How To Configure Mod_Security & Mod_Evasive on CentOS/RHEL 6x


Q. What is Mod_Security?

Mod_Security is an open source web application firewall (WAF) and intrusion detection and prevention system for web applications. It monitors HTTP traffic in real time and protects web applications from brute force attacks.

Q. What is Mod_Evasive?

Mod_Evasive is an open source Apache module that takes evasive action in the event of an HTTP brute force, DoS or DDoS attack. It was designed for use as a network traffic detection and network management tool and can be easily configured to integrate with firewalls, ipchains, routers etc. Presently, it sends abuse reports via email and syslog facilities.

Step: 1. Installing Dependencies for mod_security :

# yum -y install gcc make wget
# yum -y install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

Step: 2. Installing Mod_Security :

# cd /usr/src
# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz
# tar xzf modsecurity-apache_2.6.6.tar.gz
# cd modsecurity-apache_2.6.6
# ./configure
# make install
# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

Step: 3. Downloading OWASP Mod_Security Core Rule Set :

# cd /etc/httpd/
# wget http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/modsecurity-crs_2.2.5.tar.gz/aaeaa1124e8efc39eeb064fb47cfc0aa/modsecurity-crs_2.2.5.tar.gz
# tar xzf modsecurity-crs_2.2.5.tar.gz
# mv modsecurity-crs_2.2.5 modsecurity-crs
# cd modsecurity-crs
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

Step: 4. Configuring Mod_Security :

# vi /etc/httpd/conf/httpd.conf

Search for the LoadModule lines in your httpd.conf and add the following line below the last one.

LoadModule security2_module modules/mod_security2.so

Uncomment this module:

LoadModule unique_id_module modules/mod_unique_id.so

Now set the basic rule set in your httpd.conf file. Add the following lines of code at the end of the file :

<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_setup.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>

-- Save & Quit (:wq)

Step: 5. Restart Apache Server :

# service httpd restart

How to Install Mod_Evasive in RHEL/CentOS

Step: 1. Installing Mod_Evasive :

# cd /usr/src
# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar xzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# apxs -cia mod_evasive20.c

Step: 2. Configuring Mod_Evasive :

# vi /etc/httpd/conf/httpd.conf

By default, the installation adds the following mod_evasive line to your Apache configuration file. Verify that a line similar to the one below is present. If it is not, add it to your httpd.conf file.

LoadModule evasive20_module   /usr/lib64/httpd/modules/mod_evasive20.so

Now add the mod_evasive configuration parameters at the end of your Apache configuration. Replace someone@somewhere.com with your email address to get email alerts.

<IfModule mod_evasive20.c>
        DOSHashTableSize    3097
        DOSPageCount        2
        DOSSiteCount        50
        DOSPageInterval     1
        DOSSiteInterval     1
        DOSBlockingPeriod   60
        DOSSystemCommand  "echo 'My Organization-mod_evasive HTTP Blacklisted %s on your_hostname (192.168.100.220) more info here: http://www.whatismyipaddress.com/ip/%s' | mail -s 'My Organization Banned IP by mod_evasive on your_hostname' -r myapache@domian.com someone@somewhere.com"
</IfModule>

-- Save & Quit (:wq)

Step: 3. Next restart the Apache service to Update Changes :

# service httpd restart
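
A post-install check for the steps above, as an added example that is not part of the original tutorial: it confirms that the three LoadModule lines are active and reports the SecRuleEngine mode, because the modsecurity.conf-recommended file copied earlier ships with SecRuleEngine DetectionOnly, which logs rule matches without blocking them. The function names and the script name are this example's own; pass it the httpd.conf and modsecurity.conf paths used above.

```shell
#!/bin/sh
# Added example: audit the configuration produced by the steps above.
# Usage: sh audit_waf.sh /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/modsecurity.conf

# Print the last uncommented value of a one-argument directive
# (Apache directive names are case-insensitive).
directive_value() {   # $1 = directive name, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$2"
}

# Succeed only if an uncommented LoadModule line names the given module.
module_loaded() {     # $1 = module identifier, $2 = httpd.conf
    awk -v m="$1" 'tolower($1) == "loadmodule" && $2 == m { found = 1 }
                   END { exit !found }' "$2"
}

# Return 0 only when all three modules load and ModSecurity is enforcing.
audit_waf_config() {  # $1 = httpd.conf, $2 = modsecurity.conf
    _rc=0
    for _mod in security2_module unique_id_module evasive20_module; do
        if module_loaded "$_mod" "$1"; then
            echo "OK    LoadModule $_mod"
        else
            echo "FAIL  LoadModule $_mod missing or commented out"; _rc=1
        fi
    done
    _mode=$(directive_value SecRuleEngine "$2")
    case "$_mode" in
        On)            echo "OK    SecRuleEngine On (rules can block)" ;;
        DetectionOnly) echo "WARN  SecRuleEngine DetectionOnly (matches are logged, not blocked)"; _rc=1 ;;
        *)             echo "FAIL  SecRuleEngine is '${_mode:-unset}'"; _rc=1 ;;
    esac
    return $_rc
}

# Run the audit only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then audit_waf_config "$1" "$2"; fi
```

A WARN on SecRuleEngine is expected right after this installation; switch the directive to On in /etc/httpd/conf.d/modsecurity.conf once the audit log has been reviewed for false positives, then restart Apache.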

Copyright © 2016 Kousik Chatterjee's Blog