Information
ModSecurity is an open source web application firewall (WAF) for real-time web application monitoring, logging, and access control. It enables but does not include a powerful customizable rule set, which may be used to detect and block common web application attacks. Installation of ModSecurity without a rule set does not provide additional security for the protected web applications. Refer to the benchmark recommendation '_Install and Enable OWASP ModSecurity Core Rule Set_' for details on a recommended rule set.
**Note:** Like other application security/application firewall systems, ModSecurity requires a significant commitment of staff resources for initial tuning of the rules and handling alerts. In some cases, this may require additional time working with application developers/maintainers to modify applications based on analysis of the results of tuning and monitoring logs. After setup, an ongoing commitment of staff is required for monitoring logs and ongoing tuning, especially after upgrades/patches. Without this commitment to tuning and monitoring, installing ModSecurity may NOT be effective and may provide a false sense of security.
Rationale:
Installation of the ModSecurity Apache module enables a customizable web application firewall rule set which may be configured to detect and block common attack patterns as well as block outbound data leakage.
Solution
1. Install the ModSecurity module if it is not already installed in 'modules/mod_security2.so'. It may be installed via OS package installation (such as 'apt-get' or 'yum') or built from the source files. See [https://www.modsecurity.org/download.html](https://www.modsecurity.org/download.html) for details.
2. Add or modify the 'LoadModule' directive if not already present in the Apache configuration as shown below. Typically the 'LoadModule' directive is placed in file named 'mod_security.conf' which is included in the Apache configuration:
LoadModule security2_module modules/mod_security2.so