Secure Apache webserver with mod_security : Ubuntu (6.06.1 / 6.10)

By | 2006/12/17

I was reading tonite about the Apache module, mod_security, which allows you to tighten down the security of your web server. I will admit that I am not a pro with mod_security and I welcome any tips & tricks that the rest of you have. For the rest of you, if you are running a web server on an Ubuntu machine you can tighten a few things down by installing the mod_security module.


sudo aptitude install libapache2-mod-security

a2enmod mod-security

sudo /etc/init.d/apache2 force-reload

The first command installs the mod_security module. The second command enables the module within Apache, and the third restarts your Apache server to take advantage of the newly added module.


We’ll now need to set some rules. Below I have an example rules file which should work for most of you. Again, if you do have suggestions on expansions or revisions for this configuration please leave a comment. You can append these rules to the end of your current Apache configuration.

sudo gedit /etc/apache2/apache2/conf

Add the following to the end of the file

<IfModule mod_security.c>

# Turn the filtering engine On or Off

SecFilterEngine On

# Make sure that URL encoding is valid

SecFilterCheckURLEncoding On
# Unicode encoding check

SecFilterCheckUnicodeEncoding Off

# Only allow bytes from this range

SecFilterForceByteRange 0 255

# Only log suspicious requests

SecAuditEngine RelevantOnly

# The name of the audit log file

SecAuditLog /var/log/apache2/audit_log

# Debug level set to a minimum

SecFilterDebugLog /var/log/apache2/modsec_debug_log

SecFilterDebugLevel 0

# Should mod_security inspect POST payloads

SecFilterScanPOST On

# By default log and deny suspicious requests

# with HTTP status 500

SecFilterDefaultAction "deny,log,status:500"


After adding these rules we’ll again need to restart the Apache server to make use of them. You can restart the Apache server using:

sudo /etc/init.d/apache2 restart

I hope this helps in securing your web server. I have had my server hacked on a couple of occasions and each time has taught me something more about security. It doesn’t have to be difficult or complicated and a little bit of security preparation really goes a long way.

For more information on mod_security, configuration and options see the links below:

Secure your Apache with mod_security – HowtoForge

Secure your Apache2 with mod-security –

technorati tags:, , , , , ,

One thought on “Secure Apache webserver with mod_security : Ubuntu (6.06.1 / 6.10)

Comments are closed.