
05-12-2006, 10:51
System Administrator
mod_security installation and configuration (Linux)
Think of mod_security as an intrusion detection and prevention engine for web applications. Essentially, it will mitigate malicious HTTP requests, namely cross-site scripting exploits, before Apache itself even has a chance to fully process them. If configured correctly, mod_security can provide umbrella protection to vulnerable scripts/web applications hosted by your users.
Installation:
Grab the source and unpack (check for newest version at http://www.modsecurity.org/download/)
# wget http://www.modsecurity.org/download/...e_1.9.4.tar.gz
# tar -zvxf modsecurity-apache_1.9.4.tar.gz
From here, you will need to descend into the correct apache version directory
Either apache1.3 (cPanel uses Apache 1.3)
# cd modsecurity-apache_1.9.4/apache1
or, for apache2.x (Plesk uses Apache 2.0)
# cd modsecurity-apache_1.9.4/apache2
Use apxs to compile the module
# /etc/httpd/bin/apxs -cia mod_security.c
If /etc/httpd/bin/apxs does not exist, you are missing the httpd-devel package. To install on Redhat, use:
# up2date httpd-devel
With the -i and -a flags used above, apxs will automatically install the module in the Apache modules directory and add the corresponding lines to httpd.conf.
Installation is done, now we just need to add the rules.
Mod_security rules: The following rules have been continually tested to verify safety and effectiveness against the most commonly exploited web applications. The ruleset currently provides protection against common exploits in phpBB, PHP-Nuke, Post-nuke, vbulletin, Mambo, Invision Power Board, phpMyAdmin, Coppermine, WordPress, OSCommerce, Awstats, OSticket, ModernBill, Cubecart, phpAdsNew, Xoops, Drupal, Serendipity, and Comdev eCommerce. It also provides an effective arbitrary command detection list, for use against general attacks.
Copy this ruleset and save it to:
on Apache 1.3 (or cPanel machines):
/etc/httpd/conf/modsec.conf
on Apache 2.0 (or Plesk machines):
/etc/httpd/conf.d/modsec.conf
For apache 1.3, you will need to include the following line after the "LoadModule" section:
Include conf/modsec.conf
Restart apache and you're done. If you want to know how to make sure mod_security is installed and running, check to see if /etc/httpd/logs/audit_log exists. If it does, you're good to go. If not, go back over the steps above or see the modsecurity.org installation documentation:
http://www.modsecurity.org/documentation/index.html
Please remember that this rule set is just an extended set of rules to get you started. There are many things that can be done with Mod_Security that are not covered here. You will need to do some research and tweak these rules accordingly.
Best Regards,
eUKScott
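The post's final check (does audit_log exist?) can be combined with checks for the other two things the install depends on. The function below is an added example, not part of the original post; it goes a little beyond the post by also confirming the LoadModule line and the ruleset include. The function name and the optional ROOT prefix argument are assumptions made so it can be tried against a copy of the config tree.

```bash
#!/bin/bash
# Added example (not from the original post): post-install checks for the
# file layout the post describes. Usage: check_modsec [ROOT]
# ROOT is an optional path prefix (default: real filesystem root).
# Prints one line per check; return status is the number of failed checks.
check_modsec() {
    local root="${1:-}"
    local fails=0
    local conf="$root/etc/httpd/conf/httpd.conf"
    local rules13="$root/etc/httpd/conf/modsec.conf"
    local rules20="$root/etc/httpd/conf.d/modsec.conf"
    local audit="$root/etc/httpd/logs/audit_log"

    # 1. apxs -a should have left an uncommented LoadModule line for mod_security.so
    if grep -Eq '^[[:space:]]*LoadModule[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]*mod_security\.so' "$conf" 2>/dev/null; then
        echo "OK   httpd.conf loads mod_security.so"
    else
        echo "FAIL no active LoadModule line for mod_security.so in httpd.conf"
        fails=$((fails + 1))
    fi

    # 2. Ruleset: conf.d/modsec.conf (Apache 2.0 layout), or conf/modsec.conf
    #    plus an explicit Include line in httpd.conf (Apache 1.3 layout)
    if [ -s "$rules20" ]; then
        echo "OK   ruleset present at conf.d/modsec.conf"
    elif [ -s "$rules13" ] && grep -Eq '^[[:space:]]*Include[[:space:]]+conf/modsec\.conf' "$conf" 2>/dev/null; then
        echo "OK   ruleset present at conf/modsec.conf and included"
    else
        echo "FAIL ruleset missing, empty, or not included from httpd.conf"
        fails=$((fails + 1))
    fi

    # 3. The post's own test: the audit log exists once Apache has restarted
    if [ -f "$audit" ]; then
        echo "OK   audit_log exists"
    else
        echo "FAIL audit_log not found (restart Apache, then re-check)"
        fails=$((fails + 1))
    fi

    return "$fails"
}
```

Run `check_modsec` with no argument on the server itself; a non-zero status tells you how many of the three checks failed.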