mod_security2 installation on apache2 and configuration(Linux)

Download and install modsec2

cd /usr/src/src


tar -zxf modsecurity-apache_2.5.13.tar.gz

cd modsecurity-apache_2.5.13

cd apache2

./configure –with-apxs=/usr/local/apache/bin/apxs


make install


You can see the module has been added to /usr/local/apache/modules/  directory.


Now we ned to configure modsec2. Create a file called /usr/local/apache/conf/modsec2.conf and enter the text below

vi /usr/local/apache/conf/modsec2.conf


LoadModule security2_module  modules/
<IfModule mod_security2.c>
SecRuleEngine On
# See
#  “Add the rules that will do exactly the same as the directives”
# SecFilterCheckURLEncoding On
# SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug_log
SecDebugLogLevel 0
SecDefaultAction “phase:2,deny,log,status:406”
SecRule REMOTE_ADDR “^$” nolog,allow
Include “/usr/local/apache/conf/


Download modsec rules from here.

cd /usr/local/apache/conf/

Add the following line inside httpd.conf file.

Include “/usr/local/apache/conf/modsec2.conf”

Check if the apache syntax is correct.

/etc/rc.d/init.d/httpd configtest

If syntax Ok, do a graceful restart of apache

/etc/rc.d/init.d/httpd graceful


If modsec throws this error in apache error_log


ModSecurity: ModSecurity requires mod_unique_id to be installed



cd /home/cpeasyapache/src/httpd-x.x.x/modules/metadata

/usr/local/apache/bin/apxs -i -a -c mod_unique_id.c

cheeck apache configuration

/etc/rc.d/init.d/httpd configtest


If syntax ok, restart apache

 /etc/rc.d/init.d/httpd graceful


If not cpanel server, download the apache version source file from


[root@server ]# /usr/sbin/httpd -v
Server version: Apache/2.2.3

tar -zxf httpd-2.2.3.tar.gz

cd httpd-2.2.3

/usr/sbin/apxs -i -a -c mod_unique_id.c

/etc/rc.d/init.d/httpd configtest

/etc/rc.d/init.d/httpd graceful


Test it


  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: