# mod_security for beginners



## PeWiWa (Dec 22, 2011)

I set up an apache22 from the current 8.2 release and installed mod_security from the ports. All went fine, no obvious errors.

But, I can't see any effect of mod_security and I don't know whether it is on or off.

Does anybody have some starting hints for me? The documentation seems to be a litte outdated and lacks of examples, esp. for a simple start.

I want to know what _exactly_ has to be done in (as simple as possible)

- httpd.conf
- mod_security configfiles
- /var/asl/...? Nothing in documentation and sample configs, but neccessary 
to get it running and see the results in the logfiles.

Please help.

Peter


----------



## SirDice (Dec 23, 2011)

http://onlamp.com/pub/a/apache/2003/11/26/mod_security.html


----------



## gkontos (Dec 23, 2011)

http://www.aisecure.net/2011/09/24/securing-web-application-servers/


----------



## PeWiWa (Dec 24, 2011)

Ok, it is solved. Your links were helpful, thanks.

My solution:

The rules didn't work out of the box (in my installation), I had to add some settings to get them running:

1. get rid of Pcre-Error:

```
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
```
2. Some missing settings:

```
SecDataDir /var/asl/data/msa
SecUploadDir /var/asl/data/suspicious
SecAuditLogStorageDir /var/asl/data/audit
(chown www <the above dirs>)
SecTmpDir /tmp
SecAuditLog /var/log/http-modsec2_audit.log
SecDebugLog /var/log/http-modsec2_debug.log
```
After that ist was running without errors and (!) detecting attacks.

Peter


----------

