How to Install Mod_Security and Mod_Evasive
—————————————————————-
For Redhat/Centos with Cpanel
Just go to Cpanel WHM > Plugins > Enable Mod_Security > Save
That should install mod security in your cpanel. Under apache it should show under installed modules if you run test.php with phpinfo() in it. Try adding some mod security rules.
—————————————————————-
For Redhat/Centos without Cpanel:
Download the latest version for apache2 or apache1 from http://www.modsecurity.org
—————————————————————-
wget http://www.modsecurity.org/download/modsecurity-apache_2.1.7.tar.gz
tar zxf modsecurity-apache_2.1.7
cd modsecurity-apache_2.1.7
cd apache2
—————————————————————-
Then
/usr/local/apache/bin/apxs -cia modsecurity.c
Note: if you get errors like libxml2, apxs not found, then you will need to install the following packages using yum.
yum install httpd-devel libxml2
That should compile the modsecurity module and install in your httpd.conf file. The configuration file for modsecurity is located at /usr/local/apache/conf/modsec.conf. You will need to edit this file and add rules that would prevent LFI and other attacks inside tags
—————————————————————-
vi /usr/local/apache/conf/modsec.conf
# Prevent path traversal (..) attacks
# SecFilter “../”
# Weaker XSS protection but allows common HTML tags
SecFilter “
# Prevent XSS atacks (HTML/Javascript injection)
SecFilter “”
# Very crude filters to prevent SQL injection attacks
SecFilter “delete[[:space:]]+from”
SecFilter “insert[[:space:]]+into”
SecFilter “select.+from”
—————————————————————-
Then
/etc/init.d/http restart
If you get module loading error while restarting apache, you will need to check those lines for any mistakes.