6.6 Ensure ModSecurity Is Installed and Enabled

Information

'ModSecurity' is an open source web application firewall (WAF) for real-time web application monitoring, logging, and access control. It does not itself include a powerful, customizable rule set of the kind used to detect and block common web application attacks. Installation of 'ModSecurity' without a rule set does not provide additional security for the protected web applications. Refer to the benchmark recommendation '_Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled_' for details on a recommended rule set.

**Note:** Like other application security/application firewall systems, 'ModSecurity' requires a significant commitment of staff resources for initial tuning of the rules and handling alerts. In some cases, this may require additional time working with application developers/maintainers to modify applications based on analysis of the results of tuning and monitoring logs. After setup, an ongoing commitment of staff is required for monitoring logs and ongoing tuning, especially after upgrades/patches. Without this commitment to tuning and monitoring, installing 'ModSecurity' may NOT be effective and may provide a false sense of security.

Rationale:

Installation of the 'ModSecurity' Apache module enables a customizable web application firewall rule set which may be configured to detect and block common attack patterns as well as block outbound data leakage.

Solution

Perform the following to enable the module:

1. Install the 'ModSecurity' module if it is not already installed in modules/mod_security2.so. It may be installed via OS package installation (such as apt-get or yum) or built from the source files. See [https://www.modsecurity.org/download.html](https://www.modsecurity.org/download.html) for details.
2. Add or modify the 'LoadModule' directive if not already present in the Apache configuration as shown below. Typically, the 'LoadModule' directive is placed in the file named 'mod_security.conf', which is included in the Apache configuration:

```
LoadModule security2_module modules/mod_security2.so
```
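One way to verify steps 1 and 2 statically, as an added example that is not part of the benchmark: the hypothetical `check_modsec` function below looks for an uncommented `LoadModule security2_module` directive in the configuration files it is given and confirms the referenced module file exists. It assumes the caller passes the ServerRoot and the list of included files (it does not follow `Include` directives); the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the benchmark): static check for steps 1 and 2.
# check_modsec SERVER_ROOT CONF_FILE...
#   0 = active LoadModule directive found and the module file exists
#   1 = no active (uncommented) directive in the given files
#   2 = directive found, but the module file is missing
check_modsec() {
    server_root=$1; shift
    # Directive names are case-insensitive; '#' lines are comments.
    mod_path=$(awk '
        /^[ \t]*#/ { next }
        tolower($1) == "loadmodule" && $2 == "security2_module" {
            gsub(/"/, "", $3); print $3; exit
        }' "$@")
    [ -n "$mod_path" ] || return 1
    # Relative module paths resolve against ServerRoot.
    case $mod_path in
        /*) ;;
        *)  mod_path=$server_root/$mod_path ;;
    esac
    [ -f "$mod_path" ] || return 2
    return 0
}

# Constructed sample tree (hypothetical layout) so the check runs offline.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/modules" "$root/conf.d"
    : > "$root/modules/mod_security2.so"          # empty stand-in file
    printf '%s\n' '# LoadModule security2_module modules/mod_security2.so' \
        > "$root/conf.d/disabled.conf"
    printf '%s\n' 'LoadModule security2_module modules/mod_security2.so' \
        > "$root/conf.d/mod_security.conf"
    echo "$root"
}

root=$(make_sample)
for f in disabled.conf mod_security.conf; do
    check_modsec "$root" "$root/conf.d/$f" && rc=0 || rc=$?
    echo "$f: exit $rc"
done
rm -rf "$root"
```

On a running server, `httpd -M` (or `apachectl -M`) lists the modules actually loaded and confirms the result at runtime.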

See Also

https://workbench.cisecurity.org/files/2378

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CSCv6|18.2, CSCv7|18.10

Plugin: Unix

Control ID: fdf07208a17794fc7b035ebfb2c539a3aa93d15a51cb0500c223138537850bde