Rechercher
SupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 2. Configuring ModSecurity on RHEL

download PDF

When you install Red Hat JBoss Core Services on Red Hat Enterprise Linux (RHEL), you can configure the ModSecurity module to function as a web application firewall (WAF) for the Apache HTTP Server.

Note

JBCS 2.4.57 does not currently provide an archive file distribution of the Apache HTTP Server for RHEL 9.

2.1. ModSecurity dependencies on RHEL

ModSecurity has several dependencies to function successfully. Some of these dependencies are already included as a part of Red Hat JBoss Core Services.

The following table provides a list of ModSecurity dependencies:

DependencyPart of JBCS on RHEL?

Apache Portable Runtimes (APR)

Yes

APR-Util

Yes

mod_unique_id

Yes

libcurl

Yes

Perl-Compatible Regular Expressions (PCRE)

Yes

libxml2

No

Note

On RHEL, Red Hat JBoss Core Services includes all of these dependencies except the libxml2 library.

2.2. ModSecurity installation on RHEL

The ModSecurity module is included as part of a Red Hat JBoss Core Services installation.

You can follow the procedures in the Red Hat JBoss Core Services Apache HTTP Server Installation Guide to download and install the Apache HTTP Server for your operating system.

Additional resources

2.3. Loading ModSecurity

You can load the ModSecurity module by using the LoadModule command.

Procedure

  • To load the ModSecurity module, enter the following command: 

    LoadModule security2_module modules/mod_security2.so

2.4. Configuring the rules directory on RHEL

ModSecurity functionality requires that you create rules that the system uses. Apache HTTP Server provides a preconfigured mod_security.conf.sample file in the HTTPD_HOME/modsecurity.d directory. To use ModSecurity rules, you must modify the mod_security.conf.sample file with settings that are appropriate for your environment. You can store the ModSecurity rules in the modsecurity.d directory or the modsecurity.d/activated_rules subdirectory.

Procedure

  1. Go to the HTTPD_HOME/modsecurity.d directory.

  2. Rename the mod_security.conf.sample file to mod_security.conf: 

    mv mod_security.conf.sample ./mod_security.conf
  3. Open the mod_security.conf file and specify parameters for all the configuration directives that you want to use with the ModSecurity rules.

2.5. Key ModSecurity configuration options

You can use key ModSecurity configuration options to improve the performance of regular expressions, investigate ModSecurity 2.6 phase one moving to phase two hook, and allow use of certain directives in .htaccess files.

enable-pcre-jit
Enables Just-In-Time (JIT) compiler support in the Perl-Compatible Regular Expressions (PCRE) library 8.20 or later to improve the performance of regular expressions.
enable-request-early
Enables testing of the ModSecurity 2.6 move from phase one to phase two hook
enable-htaccess-config
Enables use of directives in .htaccess files when AllowOverride Options is set
Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.