I was reading tonight about the Apache module, mod_security, which allows you to tighten down the security of your web server. I will admit that I am not a pro with mod_security and I welcome any tips & tricks that the rest of you have. For the rest of you, if you are running a web server on an Ubuntu machine you can tighten a few things down by installing the mod_security module.
sudo aptitude install libapache2-mod-security
sudo /etc/init.d/apache2 force-reload
The first command installs the mod_security module. The second command enables the module within Apache, and the third restarts your Apache server to take advantage of the newly added module.
We’ll now need to set some rules. Below I have an example rules file which should work for most of you. Again, if you do have suggestions on expansions or revisions for this configuration please leave a comment. You can append these rules to the end of your current Apache configuration.
sudo gedit /etc/apache2/apache2.conf
Add the following to the end of the file:
# Turn the filtering engine On or Off
# Make sure that URL encoding is valid
# Unicode encoding check
# Only allow bytes from this range
SecFilterForceByteRange 0 255
# Only log suspicious requests
# The name of the audit log file
# Debug level set to a minimum
# Should mod_security inspect POST payloads
# By default log and deny suspicious requests
# with HTTP status 500
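A filled-in version of the rules file above, as an added example that is not the author's original configuration. The directive names are ModSecurity 1.x (SecFilter*) directives matched to each comment; the On/Off values, the audit log path and the IfModule wrapper are assumptions to adjust for your server, and these directives are not accepted by ModSecurity 2.x.

```apache
# Added example: values below are assumptions, not the original post's settings.
<IfModule mod_security.c>
    # Turn the filtering engine On or Off
    SecFilterEngine On

    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On

    # Unicode encoding check
    # (assumed Off; turn On if the application accepts UTF-8 input)
    SecFilterCheckUnicodeEncoding Off

    # Only allow bytes from this range
    SecFilterForceByteRange 0 255

    # Only log suspicious requests
    SecAuditEngine RelevantOnly

    # The name of the audit log file
    # (assumed path; use a directory only root can write to)
    SecAuditLog /var/log/apache2/audit_log

    # Debug level set to a minimum
    SecFilterDebugLevel 0

    # Should mod_security inspect POST payloads
    SecFilterScanPOST On

    # By default log and deny suspicious requests
    # with HTTP status 500
    SecFilterDefaultAction "deny,log,status:500"
</IfModule>
```

Running `sudo apache2ctl configtest` after saving the file reports a misspelled or unsupported directive before Apache is restarted.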
After adding these rules we’ll again need to restart the Apache server to make use of them. You can restart the Apache server using:
sudo /etc/init.d/apache2 restart
I hope this helps in securing your web server. I have had my server hacked on a couple of occasions and each time has taught me something more about security. It doesn’t have to be difficult or complicated and a little bit of security preparation really goes a long way.
For more information on mod_security, configuration and options see the links below: