Apache is a very popular web server, and with that popularity comes a need to ensure its security. In this tutorial, we will show you how to harden and secure the Apache web server by installing and configuring mod_security and mod_evasive Apache modules.
Mod_security is a free web application firewall (WAF) Apache module that helps to protect your website from various attacks such as PHP and SQL injection attacks, cross-site scripting, path traversal attacks etc. Also, it allows for real-time analysis and HTTP traffic monitoring with little or no changes of the existing Apache configuration. Mod_evasive is an Apache module that helps to prevent server brute force attacks and HTTP DoS (DDoS) attacks.
Login via SSH and update the system
To begin, log in to your Ubuntu 16.04 VPS via SSH as user root
ssh root@IP_Address -p Port_number
Make sure that all OS packages are up to date by running the following command-line commands:
apt-get update apt-get upgrade
You can also enable automatic updates on your VPS.
Prerequisites
The mod_security and mod_evasive Apache modules have several requirements which we have to install on the server in order to run them. We need to have Apache server installed and running with enabled mod_headers module.
Install Apache, enable it to start on boot and start the Apache service:
sudo apt-get install apache2 -y sudo systemctl enable apache2.service sudo systemctl start apache2.service
Then, enable the mod_headers module using the following command:
sudo a2enmod headers
Install mod_security
Installation of the mod_security module is quite simple. Run the following command:
apt-get install libapache2-modsecurity
After installing, run the following command to enable the mod_security Apache module:
sudo a2enmod security2
We can check if mod_security module is active and enabled using the following command:
apachectl -M | grep security
If you see the following output:
security2_module (shared)
it means that mod_security module is enabled. There are no security rules configured by default, so we need to enable the mod_security rules. In order to do so, copy the recommended mod_security configuration file, then edit it and set the ‘SecRuleEngine’ option to On:
sudo cp /etc/modsecurity/modsecurity.conf{-recommended,}
sudo vi /etc/modsecurity/modsecurity.conf
SecRuleEngine On
Also, locate the line ‘SecResponseBodyAccess On’ and change it to:
SecResponseBodyAccess Off
It will disable response body inspection and save server resources.
The mod_security rules are available in following directories:
/usr/share/modsecurity-crs/base_rules /usr/share/modsecurity-crs/optional_rules /usr/share/modsecurity-crs/experimental_rules
1. To enable all of the CRS base rules, create symbolic links using the following command:
sudo ln -s /usr/share/modsecurity-crs/base_rules/*.conf /usr/share/modsecurity-crs/activated_rules/
To enable the CRS optional and experimental rules files you may want to use, create symbolic links under the ‘activated_rules’ directory location accordingly.
2. Alternatively, configure and enable the Open Web Application Security Project (OWASP) core rule set:
sudo apt-get install git sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git sudo mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bak sudo mv owasp-modsecurity-crs /usr/share/modsecurity-crs sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
In both cases, we need to edit the /etc/apache2/mods-enabled/security2.conf file:
/etc/apache2/mods-enabled/security2.conf
Add these lines at the end:
IncludeOptional "/usr/share/modsecurity-crs/*.conf IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf
For the changes to take effect, restart Apache with the command:
systemctl restart apache2
Check the /var/log/apache2/modsec_audit.log log file to find the rules that are being triggered by mod_security on your Apache web server. The error log is the same log file that is used by Apache to write error messages, normally stored at /var/log/apache2/error.log.
If you need more information and want to learn how to configure and use mod_security, read the official documentation.
Install mod_evasive
Install the mod_evasive module using the following command:
apt-get install libapache2-mod-evasive
After installing, run this command:
sudo a2enmod evasive
Edit the mod-evasive.conf file and configure mod_evasive module:
sudo vi /etc/apache2/mods-available/mod-evasive.conf
DOSHashTableSize 3097
DOSPageCount 10
DOSSiteCount 30
DOSPageInterval 1
DOSSiteInterval 3
DOSBlockingPeriod 3600
DOSLogDir /var/log/apache2/mod_evasive.log
Save and close that file.
For more details on the various configuration parameters, check the README file included with mod_evasive module.
Use the following command to check if mod_evasive module is active and enabled:
evasive20_module (shared)
Create a log file for mod_evasive:
touch /var/log/apache2/mod_evasive.log sudo chown www-data:www-data /var/log/apache2/mod_evasive.log
Run the following command to restart Apache:
systemctl restart apache2
That is it. Mod_security and mod_evasive modules have been successfully installed on your Ubuntu VPS.
Conclusion
In order to harden and secure your Apache web server it is a good idea to install and configure mod_security and mod_evasive modules on a Linux VPS with Ubuntu 16.04 OS installed on it.
Of course you don’t have to install mod_security and mod_evasive on Ubuntu 16.04, if you use one of our server support services, in which case you can simply ask our expert Linux admins to setup this for you. They are available 24×7 and will take care of your request immediately.
PS. If you liked this post on how to install mod_security and mod_evasive on Ubuntu 16.04, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.
