I was reading tonight about the Apache module, mod_security, which allows you to tighten down the security of your web server. I will admit that I am not a pro with mod_security and I welcome any tips & tricks that the rest of you have. For the rest of you, if you are running a web server on an Ubuntu machine you can tighten a few things down by installing the mod_security module.
Installation
sudo aptitude install libapache2-mod-security
sudo a2enmod mod-security
sudo /etc/init.d/apache2 force-reload
The first command installs the mod_security module. The second command enables the module within Apache, and the third restarts your Apache server to take advantage of the newly added module.
Configure
We’ll now need to set some rules. Below I have an example rules file which should work for most of you. Again, if you do have suggestions on expansions or revisions for this configuration please leave a comment. You can append these rules to the end of your current Apache configuration.
sudo gedit /etc/apache2/apache2.conf
Add the following to the end of the file
<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine On
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# Unicode encoding check
SecFilterCheckUnicodeEncoding Off
# Only allow bytes from this range
SecFilterForceByteRange 0 255
# Only log suspicious requests
SecAuditEngine RelevantOnly
# The name of the audit log file
SecAuditLog /var/log/apache2/audit_log
# Debug level set to a minimum
SecFilterDebugLog /var/log/apache2/modsec_debug_log
SecFilterDebugLevel 0
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# By default log and deny suspicious requests
# with HTTP status 500
SecFilterDefaultAction "deny,log,status:500"
</IfModule>
After adding these rules we’ll again need to restart the Apache server to make use of them. You can restart the Apache server using:
sudo /etc/init.d/apache2 restart
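A quick check worth running on the file around the restart, as an added example that is not part of the original post: a shell function that lints the <IfModule mod_security.c> block for the settings used above and flags any directive that has ended up on a comment line, where Apache ignores it. The names lint_modsec and sample_conf and the sample input are constructed for illustration, and directive names and values are compared case-sensitively, as written above.

```shell
# lint_modsec [FILE]: check the mod_security 1.x block in an Apache config.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
lint_modsec() {
    awk '
    function expect(name, want) {
        if (val[name] == want) return 0
        printf "FAIL %s is \"%s\", expected %s\n", name, val[name], want
        return 1
    }
    /^[ \t]*<IfModule[ \t]+mod_security\.c>/ { inblock = 1; seen = 1; next }
    /^[ \t]*<\/IfModule>/ { inblock = 0; next }
    !inblock { next }
    /^[ \t]*#/ {
        # Apache ignores the whole line, so a directive fused onto a
        # comment (or commented out) silently never takes effect.
        if (match($0, /Sec(Filter|Audit)[A-Za-z]+[ \t]+[^ \t]+/)) {
            printf "WARN line %d: ignored directive in comment: %s\n", NR, substr($0, RSTART, RLENGTH)
            bad++
        }
        next
    }
    $1 ~ /^Sec/ { val[$1] = $2 }
    END {
        if (!seen) { print "FAIL no <IfModule mod_security.c> block"; exit 1 }
        n = split("SecFilterEngine SecFilterCheckURLEncoding SecFilterScanPOST", req, " ")
        for (i = 1; i <= n; i++) bad += expect(req[i], "On")
        if (index(val["SecFilterDefaultAction"], "deny") == 0) {
            print "FAIL SecFilterDefaultAction does not deny"; bad++
        }
        exit (bad > 0)
    }' "${1:--}"
}

# Constructed sample: a shortened copy of the block with one fused line.
sample_conf() {
    cat <<'EOF'
<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding On
# Unicode encoding checkSecFilterCheckUnicodeEncoding Off
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:500"
</IfModule>
EOF
}

# Demo on the sample; real use: lint_modsec /etc/apache2/apache2.conf
sample_conf | lint_modsec || true
```
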
I hope this helps in securing your web server. I have had my server hacked on a couple of occasions and each time has taught me something more about security. It doesn’t have to be difficult or complicated and a little bit of security preparation really goes a long way.
For more information on mod_security, configuration and options see the links below:
Secure your Apache with mod_security – HowtoForge
Secure your Apache2 with mod-security – Debuntu.org
It's so interesting, very nice post.