Simply Said:

mod_evasive – used to prevent DDoS attacks

mod_security – used to prevent a wide range of attacks, including SQL injection and XSS attacks

Let’s begin.

Installation of mod_evasive on Ubuntu 10.04 LTS server

  • sudo apt-get install libapache2-mod-evasive – the module should be enabled by the installation; if not, run: a2enmod mod-evasive
  • Add the following to a new config file: /etc/apache2/conf.d/mod-evasive:
    • <IfModule mod_evasive20.c>
      DOSHashTableSize 3097
      # Requests for the same page allowed per DOSPageInterval (seconds)
      DOSPageCount 2
      # Requests for the whole site allowed per DOSSiteInterval (seconds)
      DOSSiteCount 50
      DOSPageInterval 1
      DOSSiteInterval 1
      # Seconds a client stays blocked once a threshold is exceeded
      DOSBlockingPeriod 10
      DOSEmailNotify your.email@yahoo.com
      # Must match the log directory created in the next step
      DOSLogDir "/var/log/mod-evasive"
      #DOSWhitelist 127.0.0.*
      </IfModule>
  • Create a new log directory /var/log/mod-evasive, then run chown www-data:www-data /var/log/mod-evasive
  • Restart Apache

More information can be found at: http://www.sourcefiles.org/Internet/WebServers/Modules/Security/mod_evasive_1.10.1.tar.gz.shtml

Testing of mod_evasive

Open a web page that resides in /var/www and do a few quick refreshes with the browser's refresh button; you should see:

Forbidden

You don’t have permission to access /phpMyAdmin/ on this server.

Installation of mod_security on Ubuntu 10.04 LTS server

  • sudo apt-get install libapache2-mod-security – the module should be enabled by the installation; if not, run: a2enmod mod-security
  • Add the following to a new config file: /etc/apache2/conf.d/mod-security:
    • <IfModule security2_module>
      Include modsecurity-rules/*.conf
      Include modsecurity-rules/base_rules/*.conf
      </IfModule>
  • Create a new directory: /etc/apache2/modsecurity-rules
    • wget http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.5.12/modsecurity-apache_2.5.12.tar.gz, extract all contents to /tmp, copy everything under /rules to /etc/apache2/modsecurity-rules
    • At /etc/apache2/modsecurity-rules, do rm -rf CHANGELOG LICENSE READ util
  • Restart apache

Testing of mod_security

The following concepts are borrowed from this guy’s blog: http://blog.bodhizazen.net/linux/how-to-mod_security-ubuntu-904/

Create a PHP script under /var/www named insecured.php with the following content:

<?php
// Deliberately insecure test script: includes whatever path the request supplies.
$secret_file = $_GET['secret_file'];
include($secret_file);
?>

Request the script at http://localhost/insecured.php?secret_file=/etc/passwd and you should see:

Forbidden

You don’t have permission to access /insecure.php on this server.

More information can be found at: http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#N107B3
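
Both manual checks above can be scripted so they are repeatable after every config change. The following is an added example, not part of the original post: it sends the mod_security probe first and the burst of refreshes second, because a client that mod_evasive has blocked gets 403 on every URL and would make the mod_security check pass for the wrong reason. The base URL http://localhost, the burst size of 10 and all function names are assumptions.

```python
#!/usr/bin/env python3
"""Added example: script the two manual checks from this page (run against your own server)."""
import sys
import urllib.error
import urllib.request

# Bypass any configured proxy so the requests reach the server directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def status(url, timeout=5):
    """Return the HTTP status of a GET request; 4xx/5xx are returned, not raised."""
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def burst(url, count=10):
    """Fetch the same URL back to back, like quick browser refreshes."""
    return [status(url) for _ in range(count)]

def security_verdict(code):
    """The /etc/passwd include request must be refused with 403."""
    return "OK: request refused" if code == 403 else "FAIL: got HTTP %d" % code

def evasive_verdict(codes):
    """Early requests should succeed and later ones be answered with 403."""
    if 403 not in codes:
        return "FAIL: no request was blocked"
    first = codes.index(403)
    if first == 0:
        return "INCONCLUSIVE: already blocked on the first request"
    return "OK: blocked from request %d of %d" % (first + 1, len(codes))

def main(base="http://localhost"):  # assumed base URL, as used on this page
    # mod_security first: once mod_evasive blocks this client, every URL
    # returns 403 for DOSBlockingPeriod seconds and would mask the result.
    probe = base + "/insecured.php?secret_file=/etc/passwd"
    print("mod_security:", security_verdict(status(probe)))
    print("mod_evasive: ", evasive_verdict(burst(base + "/")))

if __name__ == "__main__":
    main(*sys.argv[1:2])
```

An INCONCLUSIVE result usually means the client is still on the block list from an earlier run; wait for DOSBlockingPeriod to pass and run it again.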

 

One Response to Fortify Apache Web Server with mod_evasive and mod_security on Ubuntu 10.04 LTS server

  1. yiatsi says:

    Nice tutor, simple and substantial. I will perform those steps when I get home…
