Modsecurity 2 [Anti Exploits]

This is a tutorial for server administrators who run a web server.
It provides rules for Apache 2.x for better security.

P.S.: You must have Apache 2.x and ModSecurity 2 installed.

Step 1) Download & Uncompress the Rules

cd /etc
tar -xzvf modsec2_rules.tar.gz

Step 2) Edit modsec2.conf

vi /usr/local/apache/conf/modsec2.conf

Step 3) Copy and paste these rules into your modsec2.conf

<IfModule mod_security2.c>
SecRuleEngine On
# "Add the rules that will do exactly the same as the directives"
# SecFilterCheckURLEncoding On
# SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug_log
SecDebugLogLevel 0
SecDefaultAction "phase:2,deny,log,status:406"
SecRule REMOTE_ADDR "^$" nolog,allow
Include "/usr/local/apache/conf/modsec2.user.conf"

SecServerSignature "Rules Powered By"

#First, add in your exclusion rules:
#These MUST come first!
Include /etc/modsecurity/exclude.conf

#Application protection rules
Include /etc/modsecurity/rules.conf

#Just in Time Patches for Vulnerable Applications
Include /etc/modsecurity/jitp.conf

#Comment spam rules
Include /etc/modsecurity/blacklist.conf

#Bad hosts, bad proxies and other bad players
Include /etc/modsecurity/blacklist2.conf

#Bad clients, known bogus useragents and other signs of malware
Include /etc/modsecurity/useragents.conf

#Known bad software, rootkits and other malware
Include /etc/modsecurity/rootkits.conf

#Additional rules for Apache 2.x ONLY! Do not add this line if you use Apache 1.x
Include /etc/modsecurity/apache2-rules.conf
</IfModule>


Step 5) Save and exit the file by pressing Escape, then typing


Step 6) Apply the new settings by restarting Apache

service httpd restart

or

/etc/init.d/httpd restart
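
Before restarting, it helps to confirm that the file from Step 3 will actually load. The script below is an added example, not part of the original tutorial: the function names are hypothetical, and it assumes apachectl is on PATH.

```sh
#!/bin/sh
# Added example: pre-restart checks for the modsec2.conf built in Step 3.
# Function names are hypothetical; paths are the ones used in this tutorial.

# Print every path named by an active (uncommented) Include line, in file order.
list_includes() {
    sed -n 's/^[[:space:]]*Include[[:space:]][[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}.*$/\1/p' "$1"
}

# Return 0 if the file passes all checks; print each problem and return 1 otherwise.
check_modsec_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # 1. Every <IfModule ...> needs a matching </IfModule>, or Apache refuses to start.
    opens=$(grep -c '^[[:space:]]*<IfModule' "$conf" || true)
    closes=$(grep -c '^[[:space:]]*</IfModule>' "$conf" || true)
    [ "$opens" -eq "$closes" ] || { echo "unbalanced IfModule: $opens opened, $closes closed"; rc=1; }

    # 2. A missing Include target is a fatal syntax error at restart.
    for f in $(list_includes "$conf"); do
        [ -r "$f" ] || { echo "missing include: $f"; rc=1; }
    done

    # 3. The exclusion rules must be the first rule set loaded from the modsecurity directory.
    first=$(list_includes "$conf" | grep '/modsecurity/' | head -n 1)
    case $first in
        */exclude.conf|'') ;;
        *) echo "exclude.conf must come first, found: $first"; rc=1 ;;
    esac
    return $rc
}

# Restart only when both our checks and Apache's own parser accept the file.
# Assumes apachectl is on PATH; this function is defined but not called automatically.
safe_restart() {
    check_modsec_conf /usr/local/apache/conf/modsec2.conf &&
        apachectl configtest &&
        service httpd restart
}
```

Source the script and run safe_restart as root in place of the plain restart; a failed check leaves the running Apache untouched.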