, at the time of writing this guide it’s version 2.7.5.
wget https://www.modsecurity.org/tarball/...y-2.8.0.tar.gz
Then extract the tar.gz:


tar zvxf modsecurity-*
Installation is pretty straightforward:

cd modsecurity-*
yum install expat-devel -y
./configure
make
make install
cp modsecurity.conf-recommended /etc/httpd/conf/modsecurity.conf
We have succesfully installed mod_security, but we need to tell Apache about it. Add this to/etc/httpd/conf/extra/httpd-includes.conf

## Load dependencies ##
LoadFile /usr/local/lib/libxml2.so
## Load mod_security ##
LoadModule security2_module /usr/lib/apache/mod_security2.so
Restart httpd for mod_security to kick in!

service httpd restart
To check if the mod_security module has loaded, type this and find security2_module (shared):

apachectl -t -D DUMP_MODULES
Installing OWASP rules (http://spiderlabs.gi…modsecurity-crs):

wget https://github.com/SpiderLabs/owasp-...tarball/master
mv master rules.tar.gz
tar zvxf rules.tar.gz
cd SpiderLabs-owasp-modsecurity*
mkdir /etc/httpd/conf/crs
mv * /etc/httpd/conf/crs
cd /etc/httpd/conf/crs
mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
for f in `ls base_rules/` ; do sudo ln -s /etc/httpd/conf/crs/base_rules/$f activated_rules/$f ; done
for f in `ls optional_rules/ | grep comment_spam` ; do sudo ln -s /etc/httpd/conf/crs/optional_rules/$f activated_rules/$f ; done
Now add the following to /etc/httpd/conf/extra/httpd-includes.conf:

<IfModule security2_module>
Include conf/crs/modsecurity_crs_10_setup.conf
Include conf/crs/activated_rules/*.conf
</IfModule>
Finally restart Apache…

service httpd restart
https://blog.web4asia.in/?p=123