Install ModSecurity on Apache for Ubuntu: A Comprehensive Guide
Installing ModSecurity on Apache for Ubuntu gives your server a robust web application firewall (WAF) for enhanced security.
ModSecurity, often shortened to ModSec, acts as a crucial security layer that inspects incoming HTTP traffic. It actively blocks malicious requests, such as those attempting SQL injection or cross-site scripting (XSS), before they can harm your web applications.
This guide focuses on integrating ModSecurity version 3.0.10 with Apache 2.4 on Ubuntu 22.04 LTS, a powerful setup to defend your web server.
You will learn to configure ModSecurity effectively to protect your Apache web applications from common online threats.
Install ModSecurity and the Apache module using `sudo apt update` and `sudo apt install apache2 libapache2-mod-security2`. Enable the module with `sudo a2enmod security2` and reload Apache.
How to install ModSec with Apache on Ubuntu Linux
As described above, ModSec is an open-source web application firewall (WAF). Initially developed as a module on Apache, it is now a full-fledged WAF supporting Nginx and IIS.
Below is how to install it with the Apache HTTP server.
Install ModSecurity and Apache
Installing ModSecurity for Apache on Ubuntu is straightforward using terminal commands.
sudo apt update
sudo apt install apache2 libapache2-mod-security2
To check that ModSec is installed, run the commands below.
apachectl -M | grep security
The command above should output the line below.
security2_module (shared)
If it’s not enabled, you can enable the module by running the commands below.
sudo a2enmod security2
sudo systemctl reload apache2
Configure ModSecurity
To make ModSecurity actively block threats on your Apache server running Ubuntu, you’ll need to change its main settings file.
You’ll find the default configuration file at /etc/modsecurity/modsecurity.conf-recommended. To start customizing, copy this file and rename it modsecurity.conf.
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Next, run the commands below to open the newly created config file.
sudo nano /etc/modsecurity/modsecurity.conf
Change the value of the SecRuleEngine line in the file from DetectionOnly to On.
# -- Rule engine initialization ----------------------------------------------
# Enable ModSecurity, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of post-installation
# disruption.
#
SecRuleEngine On
# -- Request body handling ---------------------------------------------------
# Allow ModSecurity to access request bodies. If you don't, ModSecurity
# won't be able to see any POST parameters, which opens a large security
# hole for attackers to exploit.
SecRequestBodyAccess On
# Enable XML request body parser.
# Initiate XML Processor in case of xml content-type
Save and exit, then restart Apache.
sudo systemctl restart apache2
Add OWASP ModSecurity rules
Adding the OWASP Core Rule Set (CRS) to your ModSecurity setup on Ubuntu provides strong, recommended security rules to protect your web applications.
Clone the latest OWASP CRS from GitHub to the /usr/share/ directory by running the commands below.
sudo rm -rf /usr/share/modsecurity-crs
sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
Next, rename the example file to crs-setup.conf.
sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
Next, run the commands below to open the ModSec security configuration file.
sudo nano /etc/apache2/mods-enabled/security2.conf
Then, edit the file so that the two IncludeOptional lines under the "Include OWASP ModSecurity CRS rules" comment point at the OWASP rules we downloaded above.
<IfModule security2_module>
# Default Debian dir for modsecurity's persistent data
SecDataDir /var/cache/modsecurity
# Include all the *.conf files in /etc/modsecurity.
# Keeping your local configuration in that directory
# will allow for an easy upgrade of THIS file and
# make your life easier
IncludeOptional /etc/modsecurity/*.conf
# Include OWASP ModSecurity CRS rules if installed
IncludeOptional /usr/share/modsecurity-crs/*.conf
IncludeOptional /usr/share/modsecurity-crs/rules/*.conf
</IfModule>
Save and exit.
Restart Apache and you’re good to go.
sudo systemctl restart apache2
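Before relying on the firewall, it helps to confirm that the two files edited above say what you intended. The script below is an added example, not part of the original guide: the function names are hypothetical, the sample files are constructed, and it assumes that a later SecRuleEngine directive overrides an earlier one in the same file.

```bash
#!/usr/bin/env bash
# Added example: audit the two files this guide edits. Paths are arguments so
# the functions can be pointed at the real files or at test copies.

# Print the value of the last uncommented SecRuleEngine directive in FILE
# (assumption: a later directive overrides an earlier one), or "unset".
effective_rule_engine() {
    awk '$1 == "SecRuleEngine" { v = $2 }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Print "ok" if FILE includes the CRS setup file (directly or via *.conf)
# before rules/*.conf, otherwise a short reason. ROOT is the CRS directory.
# CRS expects crs-setup.conf to be loaded ahead of its rule files.
crs_include_status() {
    awk -v root="$2" '
        $1 !~ /^Include(Optional)?$/ { next }
        $2 == (root "/*.conf") || $2 == (root "/crs-setup.conf") { if (!setup) setup = NR }
        $2 == (root "/rules/*.conf") { if (!rules) rules = NR }
        END {
            if (!setup) print "missing crs-setup include"
            else if (!rules) print "missing rules include"
            else if (setup > rules) print "rules included before crs-setup"
            else print "ok"
        }' "$1"
}

# Constructed sample files (not from a real server) to show the checks.
# The first one still has the packaged DetectionOnly default active.
tmp=$(mktemp -d)
printf '%s\n' '# SecRuleEngine On' 'SecRuleEngine DetectionOnly' \
    'SecRequestBodyAccess On' > "$tmp/modsecurity.conf"
printf '%s\n' '<IfModule security2_module>' \
    'IncludeOptional /etc/modsecurity/*.conf' \
    'IncludeOptional /usr/share/modsecurity-crs/*.conf' \
    'IncludeOptional /usr/share/modsecurity-crs/rules/*.conf' \
    '</IfModule>' > "$tmp/security2.conf"

echo "SecRuleEngine: $(effective_rule_engine "$tmp/modsecurity.conf")"
echo "CRS includes:  $(crs_include_status "$tmp/security2.conf" /usr/share/modsecurity-crs)"
```

On a real server, pass /etc/modsecurity/modsecurity.conf and /etc/apache2/mods-enabled/security2.conf instead of the sample files; anything other than On for the first check means requests are logged at most, not blocked.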
To test that ModSec is running, run the commands below.
curl 'http://127.0.0.1/test.html?a=<script>alert(1);</script>'
You should get an output message similar to the one below:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.52 (Ubuntu) Server at 127.0.0.1 Port 80</address>
</body></html>
That should do it!
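A 403 on its own does not prove that ModSecurity produced it, since a file-permission problem returns the same status. The script below is an added example, not part of the original guide: it compares the same URL with and without the test parameter, the function names are hypothetical, and it assumes the deny status is 403 as in the output above.

```bash
#!/usr/bin/env bash
# Added example: tell a WAF block apart from an unrelated 403 or 404.

# Print the HTTP status code for URL ($1). If a "name=value" pair is given
# as $2, curl URL-encodes it and sends it as a query parameter.
status_of() {
    if [ -n "$2" ]; then
        curl -s -o /dev/null -w '%{http_code}' --get --data-urlencode "$2" "$1"
    else
        curl -s -o /dev/null -w '%{http_code}' "$1"
    fi
}

# Classify a (baseline status, probe status) pair.
# curl reports 000 when it received no HTTP response at all.
waf_verdict() {
    baseline=$1
    probe=$2
    if [ "$probe" = 000 ]; then
        echo "no response: is Apache running?"
    elif [ "$probe" != 403 ]; then
        echo "not blocking (probe returned $probe): check SecRuleEngine and the CRS includes"
    elif [ "$baseline" = 403 ]; then
        echo "inconclusive (baseline is also 403): fix access to the page first"
    else
        echo "blocking (baseline $baseline, probe 403)"
    fi
}

# Usage: ./waf_check.sh http://127.0.0.1/test.html
# Runs the same request as the guide's curl test, plus a clean baseline.
if [ $# -ge 1 ]; then
    base=$(status_of "$1")
    probe=$(status_of "$1" 'a=<script>alert(1);</script>')
    waf_verdict "$base" "$probe"
fi
```

If test.html does not exist, the baseline is 404 and the probe is still 403 when the rules are active, which the script reports as blocking.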
Conclusion:
- ModSecurity is a powerful open-source web application firewall (WAF) that offers an extra layer of security to detect and prevent attacks before they reach the web application.
- Following the installation steps outlined above, you can successfully set up ModSecurity with Apache on Ubuntu Linux.
- OWASP ModSecurity rules, when applied, provide recommended security settings to protect your applications further.
- After completing the installation and configuration, you can verify the functionality of ModSecurity by testing it with a sample HTTP request.
What is mod_security in Apache?
ModSecurity is the standard open-source web application firewall (WAF) engine. Originally designed as a module for the Apache HTTP Server, it has evolved to provide HTTP request and response filtering capabilities across a number of different platforms including Apache HTTP Server, Microsoft IIS and Nginx.
Is ModSecurity a good WAF?
Why use ModSecurity? Web Application Firewalls are often the first line of defense against HTTP attacks on web applications and servers. The ModSecurity WAF is widely used for this purpose along with the Coraza WAF, also provided by OWASP.
About the Author
Richard
Tech Writer, IT Professional
Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.