How to install mod_security on Apache 2.x

What is mod_security or modsecurity?

ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports both branches of the Apache web server.
This HOW-TO is for Apache 2.X only.

  1. cd /usr/local/src
  2. mkdir modsecurity2
  3. cd modsecurity2
  4. wget
  5. perl -pi -e ’s/ServerTokens Major/ServerTokens Full/’ /etc/httpd/conf/extra/httpd-default.conf
  6. perl -pi -e ’s/ServerSignature Off/ServerSignature On/’ /etc/httpd/conf/extra/httpd-default.conf
  7. perl -pi -e ’s/ServerSignature EMail/ServerSignature On/’ /etc/httpd/conf/extra/httpd-default.conf
  8. tar xzf modsecurity-apache_2.5.9.tar.gz
  9. cd modsecurity-apache_2.5.9
  10. cd apache2
  11. ./configure
  12. make
  13. make test
  14. make install

Now we download a pre-defined mod_sec ruleset,

  1. cd /etc/modsecurity2/
  2. wget

Add the new compiled mod_security module into the apache configuration,

  1. vi /etc/httpd/conf/httpd.conf


LoadModule php5_module /usr/lib/apache/


For 32bit -

  1. LoadFile /usr/lib/
  2. LoadModule security2_module     /usr/lib/apache/

For 64bit -

  1. LoadFile /usr/lib64/
  2. LoadModule security2_module     /usr/lib/apache/

At the botton of the httpd.conf config file we add the following,

  1. <IfModule mod_security2.c>
  2. # ModSecurity2 config file.
  3. #
  4. Include /etc/modsecurity2/modsec.v2.rules.conf
  5. </IfModule>

Restart the webserver.

  1. service httpd restart

Installation should be completed and mod_sec should be now loaded on your Apache webserve

Was this answer helpful?

 Print this Article

Also Read

How to secure /tmp and /var/tmp

Secure /tmp Edit /etc/fstab by typing the command nano -w /etc/fstab Paste the following...

How to prevent DDoS attack with csf?

First make sure DDOS attack is not from open recursive DNS settings. To check and fix that issue...

How to Secure PHP from php.ini

PHP's default configuration file, php.ini (usually found in /etc/php.ini on most Linux systems)...

WHM/cPanel Server Hardening And Security Basics

1. Introduction A step by step paper how to secure linux server with cPanel/WHM andApache...

How to Password Protect a Directory

This tutorial will teach how to password protect a directory. Password protecting a directory...