How to Set Up ModSecurity with Apache

How to Set Up ModSecurity with Apache

ModSecurity is an open-source web application firewall (WAF) module for Apache that protects your Breeze from SQL injection, XSS, and other web attacks.

Installation

Install ModSecurity and its Apache connector:

sudo apt install libapache2-mod-security2 -y
sudo a2enmod security2
sudo systemctl restart apache2

Enable the Recommended Configuration

Copy the recommended config and activate it:

sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
sudo nano /etc/modsecurity/modsecurity.conf

Change SecRuleEngine DetectionOnly to SecRuleEngine On to actively block threats.

Install OWASP Core Rule Set

The CRS provides a comprehensive set of attack detection rules:

sudo apt install modsecurity-crs -y

Verify rules are loaded in your Apache config:

IncludeOptional /usr/share/modsecurity-crs/*.conf
IncludeOptional /usr/share/modsecurity-crs/rules/*.conf

Tuning False Positives

• Review logs at /var/log/apache2/modsec_audit.log
• Whitelist legitimate rules with SecRuleRemoveById directives
• Start in DetectionOnly mode and switch to On after tuning

Restart Apache to apply all changes:

sudo systemctl restart apache2

Your Breeze web applications are now shielded by ModSecurity.