Install and Configure ModSecurity on Ubuntu 16.04 Server
Mod_security, also commonly called Modsec for short, is a powerful WAF (Web Application Firewall) that integrates directly into Apache’s module system. This direct integration allows the security module to intercept traffic at the earliest stages of a request. Early detection is crucial for blocking malicious requests before they are passed along to web applications hosted by Apache websites. This provides and extra layer of protection against common threats a server faces. This article will explore the installation of mod_security along with the CRS (Core Rule Set) in an Ubuntu 16.04 LTS Server running Apache 2.4.
Whitelisting in ModSecurity
Broken down into two parts our article's first section hits on “how to whitelist IPs or URIs," for people who are somewhat familiar with ModSecurity but want to know further about the process. Our second section examines why we configure ModSecurity and how to prevent the security of the server from getting in the way of our work. If you have a Fully Managed Liquid Web server reach out to our Heroic Support team for assistance with whitelisting!
When Mod Security Attacks
One component of Liquid Web’s Server Secure service is an Apache module called Mod Security (often shortened to just “modsec”). Modsec monitors all incoming HTTP requests for malicious behavior and does not complete requests that meet certain criteria. These criteria are spelled out in what are called “rules” or “rulesets”.
Our Sales and Support teams are available 24 hours by phone or e-mail to assist.