#web server security

Data security has become one of the prime questions since the outburst of the internet. Whether it is private or business data, people want to keep their sensitive information from being snatched. But how do you protect your sensitive data in a world where cybercrime is a constant threat? For Small, as well as large …

In one of our article (Web Server Security (Apache or HTTPD) Part 2) we mentioned about two important modules which help us protect our web server. Here we learned that these two modules help to protect our server from brute force and DDOS attack. It also helps us to protect our server from several other attacks like deface attack (sql injection), cross site scripting and many more. As these two modules helps us to mitigate these kind of attacks and make our server more secure so we would discuss how to secure our website using this two modules. First of all we need to learn how we will install these two modules. Before installing we should make sure that our server is updated properly. If not then run the following command to update the server. #yum update –y Once the whole update is done then we have to install a whole repository so that we can install those two modules. # rpm -ivh Now let's install both the modules into our server. To do so, we need to run the below command. #yum --enablerepo=epel install mod_security mod_evasive Now run the below commands to check if both of them are installed properly. # httpd -M | grep evasive; httpd -M | grep security We will get two outputs from the above commands which are like below output. evasive20_module (shared) security2_module (shared) So after above these two checks we need to configure both the modules and integrate them with apache web server. Now we have to download and store the core rule set in a suitable place and let those modules connect to the core rule set directory. To do so let's create a directory to store the core rule set. # mkdir /etc/httpd/corerules Now let's download the core rule set using below command. # wget Now we have to uncompressed the file. #tar -xvf master From there we need to copy a directory to our targeted directory. # mv –R SpiderLabs-owasp-modsecurity-crs-*/* /etc/httpd/corerules/ Then we will find a file named modsecurity_crs_10_setup.conf.example. we have to move this file into modsecurity_crs_10_setup.conf file. So run the below command. # mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf Once this part is done we need to work on apache configuration and make sure everything is working properly. For that we have to open the configuration file and add few lines in there to make this work. #vim /etc/httpd/conf/httpd.conf Add the following lines in this file. Include /etc/httpd/crs/modsecurity_crs_10_setup.conf Include /etc/httpd/crs/base_rules/*.conf Now restart the apache server. #systemctl restart httpd.service Now let's check the modules are included properly and the configurations of those files are okay. No go to the conf.d directory and find if these two modules have two files accordingly. #cd /etc/httpd/conf.d/ #ls –l We will see two names like below mod_security.conf mod_evasive.conf Now read these two files and we will find the same lines on both the files. Those lines are given below. LoadModule evasive20_module modules/mod_evasive24.so LoadModule security2_module modules/mod_security2.so Once this check is done then we need to configure both security and evasive files. This is the last touch to configure both the modules. So let's open the file inside the conf.d directory. #vim /etc/httpd/conf.d/mod_security.conf Add the below lines and save the file. SecRuleEngine On SecRequestBodyAccess On SecResponseBodyAccess On SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream SecDataDir /tmp Now exit the file and restart apache server. #systemctl restart httpd.service Now open the mod_evasive.conf file and let's edit this file to our desired configuration. # vim /etc/httpd/conf.d/mod_evasive.conf Now add the following lines in this file and save this file. DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 10 DOSEmailNotify (your email address) Once this is done we have to exit the file and restart apache server. #systemctl restart httpd.service The whole process ends here. On our next article we will discuss about more security aspects.