Installing mod_security and mod_evasive on Debian


In this article I’m going to show you how to install mod_security for web scanning and mod_evasive for DoS protection. First, you need to have a Webserver like Apache installed, with mod_headers enabled:

After you are done installing the Webserver we can begin and install the modules that we were talking about at the beginning.

  • Installing mod_security

On Debian-based operating systems you install the packages using apt or aptitude, for example:

It will let you know that you need to install other dependencies, choose Yes and finish the installation.

The next part is to enable mod_security by editing the recommended configuration file:

You will need to change the following line containing the string SecRuleEngine to enable the security engine:

You also need to enable the Apache module:

I would also recommend adding the directive below, or changing its value, to 16MB:

By default this is set to only 128kb, and most dynamic websites will have problems when writing content, posting data or uploading content.

I’ll probably make another article showing you how you can harden/add more security rules, but for now we only need it installed and default settings set.

Now just restart the Webserver and we are done:

  • Installing mod_evasive

Similar to how we installed mod_security, we install mod_evasive by running the command:

We now need to create a log directory for mod_evasive and set the proper permissions:

The same as before, we need to create the module configuration file inside

and also add the configuration directives you need. Just keep in mind to whitelist the server IP in case you have a reverse proxy or similar configuration.

More information here:
http://www.helicontech.com/ape/doc/mod_evasive.htm

Then enable the Apache module by running the command:

and also restart the Webserver:
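
The two configuration edits described above (turning on SecRuleEngine and writing a mod_evasive configuration that whitelists the server IP) can be scripted and checked before Apache is restarted. This is an added example, not the article's original commands; the function names, the threshold values and the Debian package paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: the two configuration edits from this article as functions.
# File paths are arguments, so the functions can be tried on copies first.

# Print the value of the last active SecRuleEngine line in the file.
secrule_engine_mode() {
    awk '$1 == "SecRuleEngine" { mode = $2 } END { print mode }' "$1"
}

# Set every active SecRuleEngine directive to On and confirm the result.
# Commented-out lines are left alone; fails if no active directive exists.
enable_secrule_engine() {
    conf="$1"
    sed 's/^[[:space:]]*SecRuleEngine[[:space:]].*/SecRuleEngine On/' \
        "$conf" > "$conf.tmp" && cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp"
    [ "$(secrule_engine_mode "$conf")" = "On" ]
}

# Write a mod_evasive config with DOSLogDir and one DOSWhitelist line per IP.
# Refuses to run without a whitelist entry, so a reverse proxy or the
# server's own address is not blocked. Thresholds are assumed starting values.
write_evasive_conf() {
    conf="$1"; logdir="$2"
    [ "$#" -ge 3 ] || { echo "need at least one whitelist IP" >&2; return 1; }
    shift 2
    {
        echo '<IfModule mod_evasive20.c>'
        echo '    DOSHashTableSize  3097'
        echo '    DOSPageCount      2'
        echo '    DOSPageInterval   1'
        echo '    DOSSiteCount      50'
        echo '    DOSSiteInterval   1'
        echo '    DOSBlockingPeriod 10'
        echo "    DOSLogDir         \"$logdir\""
        for ip in "$@"; do echo "    DOSWhitelist      $ip"; done
        echo '</IfModule>'
    } > "$conf"
}

# Usage on a Debian host (assumed package default paths, run as root):
#   enable_secrule_engine /etc/modsecurity/modsecurity.conf
#   write_evasive_conf /etc/apache2/mods-available/evasive.conf \
#       /var/log/mod_evasive 127.0.0.1
#   apache2ctl configtest
```

Run `apache2ctl configtest` after the edits so a syntax error is caught before the restart.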
