What is mod_security?
Mod_security is a web application firewall that can work either embedded or as a reverse proxy, and it is an excellent tool to combat web-based attacks such as file and SQL injection. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. Mod_security is free and open source, and is available to everyone.
Install mod_security on Plesk
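Since Plesk is fully RPM based, you can install the mod_security module using yum. However, mod_security is not available in the common RPM repos, so you can use the atomicorp.com auto repo setup script to add a repository that provides it. Note that the command below pipes a script fetched over plain HTTP straight into a root shell, so download it to a file and read it first if you want to check what it will run.
- # wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh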
# yum install mod_security
Unlike other Apache module RPMs, this one does not add the LoadModule line to httpd.conf by default, so you have to edit the httpd.conf file and add the following two lines below the LoadModule section.
- # vi /etc/httpd/conf/httpd.conf
- LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
Include conf/mod_security.d/*.conf
- mkdir /etc/httpd/conf/mod_security.d
cd /etc/httpd/conf/mod_security.d
- wget http://www.modsecurity.org/download/modsecurity-core-rules_2.1-1.4.3.tar.gz
tar zxf modsecurity-core-rules_2.1-1.4.3.tar.gz
rm -f modsecurity-core-rules_2.1-1.4.3.tar.gz
- service httpd restart
(or)
/etc/init.d/httpd restart
A few problems and solutions:
If you are getting the warning "ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null)." in your error logs:
This error may eat up all your CPU and memory resources by creating around 100 to 150 MB of RSS memory per pid, and you will see an unusual usage of locale-archive, around 60 MB, in pmap. To solve this problem, create the file pcre_modsecurity_exceeded_limits.conf inside /etc/httpd/conf with the following two directives:
- vi /etc/httpd/conf/pcre_modsecurity_exceeded_limits.conf
- SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
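
Before raising both limits, it helps to see which limit is actually being hit and by which requests. The script below is an added example, not part of the original post: it summarises the "PCRE limits exceeded" lines in an Apache error log by PCRE error code (-8 is the match limit, -21 the recursion limit), hostname and URI. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in Apache 2.2 error_log layout (not real traffic).
sample_log() {
cat <<'EOF'
[Tue Mar 06 10:15:01 2012] [error] [client 192.0.2.10] ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null). [hostname "shop.example.com"] [uri "/search.php"] [unique_id "CONSTRUCTED-1"]
[Tue Mar 06 10:15:02 2012] [error] [client 192.0.2.10] ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null). [hostname "shop.example.com"] [uri "/search.php"] [unique_id "CONSTRUCTED-2"]
[Tue Mar 06 10:15:04 2012] [error] [client 198.51.100.7] File does not exist: /var/www/vhosts/shop.example.com/httpdocs/favicon.ico
[Tue Mar 06 10:15:09 2012] [error] [client 198.51.100.7] ModSecurity: Rule execution error - PCRE limits exceeded (-21): (null). [hostname "blog.example.com"] [uri "/wp-comments-post.php"] [unique_id "CONSTRUCTED-3"]
[Tue Mar 06 10:15:11 2012] [error] [client 192.0.2.44] ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null). [hostname "shop.example.com"] [uri "/search.php"] [unique_id "CONSTRUCTED-4"]
EOF
}

# pcre_limit_summary [FILE...]
# Reads error_log lines (files or stdin) and prints one line per
# (code, hostname, uri): "COUNT DIRECTIVE HOSTNAME URI", busiest first.
# DIRECTIVE is the setting that governs the limit that was exceeded.
pcre_limit_summary() {
  awk '
    /ModSecurity: Rule execution error - PCRE limits exceeded/ {
      code = "?"; host = "-"; uri = "-"
      # "exceeded (" is 10 characters, the closing ")" is 1.
      if (match($0, /exceeded \(-[0-9]+\)/))
        code = substr($0, RSTART + 10, RLENGTH - 11)
      # The prefix [hostname " is 11 characters, the suffix "] is 2.
      if (match($0, /\[hostname "[^"]*"\]/))
        host = substr($0, RSTART + 11, RLENGTH - 13)
      # The prefix [uri " is 6 characters, the suffix "] is 2.
      if (match($0, /\[uri "[^"]*"\]/))
        uri = substr($0, RSTART + 6, RLENGTH - 8)
      n[code SUBSEP host SUBSEP uri]++
    }
    END {
      for (k in n) {
        split(k, p, SUBSEP)
        d = "unknown(" p[1] ")"
        if (p[1] == "-8")  d = "SecPcreMatchLimit"           # PCRE_ERROR_MATCHLIMIT
        if (p[1] == "-21") d = "SecPcreMatchLimitRecursion"  # PCRE_ERROR_RECURSIONLIMIT
        print n[k], d, p[2], p[3]
      }
    }
  ' "$@" | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a server, pass the real error_log path.
sample_log | pcre_limit_summary
```

A URI that dominates the output is the place to look first: the limit exists to cap regex work per request, so a single noisy endpoint is better handled by examining that request pattern than by raising the limit for every site.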