(Or, how to get mod_security running in less than 5 minutes)

1. First, get the latest copy of mod_security:

wget http://www.modsecurity.org/download/modsecurity-apache-1.9.tar.gz

Or from:

http://www.gotroot.com/downloads/ftp/mod_security/ (cache)

2. Then extract it somewhere:

tar zxf modsecurity-apache-1.9.tar.gz

3. Enter the mod_security source code directory. From there, cd into the apache2 directory if you are using apache 2.x, or the apache1 directory if you are using apache 1.x:

cd modsecurity-apache-1.9/apache1

OR

cd modsecurity-apache-1.9/apache2

4. su to root so you can compile and install mod_security:

su root

5. Make a backup of your httpd.conf. You will need to locate it on your system, you can do with this command if you system has "locate" installed:

locate httpd.conf

Then copy it to somewhere safe:

cp /etc/httpd.conf /root/httpd.conf-backup

6. Compile mod_security as a module.

First, find out where apxs is:

which apxs

Then run this command (with the path to apxs from YOUR system):

apxs -cia mod_security.c

Note: Redhat 9 users, or any user that gets this error:

mod_security.c: In function `sec_audit_logger_concurrent':

mod_security.c:5403: `APR_MD5_DIGESTSIZE' undeclared (first use in this function)

mod_security.c:5403: (Each undeclared identifier is reported only once

mod_security.c:5403: for each function it appears in.)

apxs:Error: Command failed with rc=65536

You need to do the following additional steps to compile modsecurity:

First, you will need to install the subversion-devel rpm, from the fedora legacy RPM archives.  It will include the missing .h files.  (Or, if you can find them from other archive, make sure you have them installed)

Edit modsecurity.c, and add these two lines to the list of #include lines:

#include <apr-0/apr_md5.h>
#include <apr-0/apr_user.h>

Then, add these symlinks:

ln -s /usr/lib/libaprutil-0.so.0 /usr/lib/libaprutil-0.so
ln -s /usr/lib/libapr-0.so.0 /usr/lib/libapr-0.so

And then compile like this:

apxs -cai -lapr-0 -laprutil-0 mod_security.c

If you get any "file not found" errors, that means you need to install httpd-devel for your distribution. You try doing this with up2date, yum, apt, redcarpet, emerge or some other tool for your distribution. For example:

For up2date:

up2date -i httpd-devel

For yum:

yum install httpd-devel

Once you have httpd-devel install, try running this command again:

apxs -cia mod_security.c

7. Now add in the module to your httpd.conf file. You will need to pick the editor of your choice, we prefer to use vi, but you can use pico or anything else. If you use a windows editor, please keep in mind that it might add in Control-M's to the file, which can cause apache to break.

vi /etc/httpd/conf/httpd.conf

Search for this line:

For Apache 1.x:

AddModule mod_security.c

For Apache 2.x:

LoadModule security_module modules/mod_security.so

If you have it, mod_security is added to your httpd.conf, if not, you need to add in this line.

8. You can now proceed on to configuring mod_security for your system, The next step is documented on our mod_security rules page, scroll down to the "How to use the signatures and rules" section of that page. That page explains how to configure mod_security and how to protect your system against attacks by using mod_security signatures and rules. Plus, you can download our large collection of mod_security rules from that page.

---