How to install?

1. Log in to your server through SSH and su to the root user.

2. First, grab the latest version of mod_security:

    wget http://www.modsecurity.org/download/modsecurity-apache_1.9.5.tar.gz

3. Next, untar the archive and cd into the directory:

    tar zxvf modsecurity-apache_1.9.5.tar.gz
    cd modsecurity-apache_1.9.5

4. Now determine which version of Apache you use:

    APACHE 1.3.x users
    cd apache1/

    APACHE 2.x users
    cd apache2/

5. Compile the module:

    /usr/local/apache/bin/apxs -cia mod_security.c

6. Now it's time to edit the httpd.conf file. First make a backup in case something goes wrong:

    cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup

7. With the backup in place, edit httpd.conf. Replace pico with nano depending on what you have:

    pico /usr/local/apache/conf/httpd.conf

8. Find a place in the config for the new directives: hold Control and press W, and search for (although any of the IfModules would work fine)

9. Now add this:

    # Turn the filtering engine On or Off
    SecFilterEngine On

    # Change Server: string
    SecServerSignature " "

    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On

    # This setting should be set to On only if the Web site is
    # using the Unicode encoding. Otherwise it may interfere with
    # the normal Web site operation.
    SecFilterCheckUnicodeEncoding Off

    # Only allow bytes from this range
    SecFilterForceByteRange 1 255

    # The audit engine works independently and
    # can be turned On or Off on the per-server or
    # on the per-directory basis. "On" will log everything,
    # "DynamicOrRelevant" will log dynamic requests or violations,
    # and "RelevantOnly" will only log policy violations
    SecAuditEngine RelevantOnly

    # The name of the audit log file
    SecAuditLog /var/log/httpd/audit_log

    # Should mod_security inspect POST payloads
    SecFilterScanPOST On

    # Action to take by default
    SecFilterDefaultAction "deny,log,status:500"

    # Require HTTP_USER_AGENT and HTTP_HOST in all requests
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Prevent path traversal (..) attacks
    #SecFilter "\.\./"

    # Weaker XSS protection but allows common HTML tags
    SecFilter "<[[:space:]]*script"

    # Prevent XSS attacks (HTML/Javascript injection)
    SecFilter "<(.|\n)+>"

    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"

    # Protecting from XSS attacks through the PHP session cookie
    SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

10. Save the file: Ctrl + X, then Y.

11. Restart Apache:

    /etc/rc.d/init.d/httpd stop
    /etc/rc.d/init.d/httpd start

You've successfully installed mod_security!