How to Install Mod_Security & Mod_Evasive

ModSecurity is a free open source web application firewall which can help you to guard against LFI (local file inclusion attacks) and SQL injection vulnerabilities. ModEvasive offers protection against DOS (denial of service attacks)

For Redhat/Centos with Cpanel

Just go to Cpanel WHM > Plugins > Enable Mod_Security > Save

That should install mod security in your cpanel. Under apache it should show under installed modules if you run test.php with phpinfo() in it. Try adding some mod security rules.

For Redhat/Centos without Cpanel:

Download the latest version for apache2 or apache1 from http://www.modsecurity.org

wget http://www.modsecurity.org/download/modsecurity-apache_2.1.7.tar.gz
tar zxf modsecurity-apache_2.1.7
cd modsecurity-apache_2.1.7
cd apache2

Then

/usr/local/apache/bin/apxs -cia modsecurity.c

Note: if you get errors like libxml2, apxs not found, then you will need to install the following packages using yum.

yum install httpd-devel libxml2

That should compile the modsecurity module and install in your httpd.conf file. The configuration file for modsecurity is located at /usr/local/apache/conf/modsec.conf. You will need to edit this file and add rules that would prevent LFI and other attacks inside tags

nano /usr/local/apache/conf/modsec.conf

# Prevent path traversal (..) attacks
# SecFilter “\.\./”

# Weaker XSS protection but allows common HTML tags
SecFilter “<( |\n)*script" # Prevent XSS atacks (HTML/Javascript injection) SecFilter "<(.|\n)+>”

# Very crude filters to prevent SQL injection attacks
SecFilter “delete[[:space:]]+from”
SecFilter “insert[[:space:]]+into”
SecFilter “select.+from”

Then

/etc/init.d/http restart

If you get module loading error while restarting apache, you will need to check those lines for any mistakes.