Mod Defender is an Apache2 module that aims to block attacks using a whitelisting policy.
- apache2-dev package to provide Apache Extension Tool and Apache2 headers
- gcc & g++ >= 5.2
- CMake >= 3.2

- You need the apache2-dev package installed
$ sudo apt-get install apache2-dev
- Compile the source
$ cmake .
$ make
- Use Apache Extension Tool to install the module
$ sudo apxs -n defender -i lib/mod_defender.so
- Create its module load file for Apache2
$ echo "LoadModule defender_module /usr/lib/apache2/modules/mod_defender.so" | \
    sudo tee /etc/apache2/mods-available/defender.load > /dev/null
- Create its module conf file for Apache2
$ cat <<EOT | sudo tee /etc/apache2/mods-available/defender.conf > /dev/null
<IfModule defender_module>
Include /etc/moddefender/*.conf
</IfModule>
EOT
- Create Mod Defender conf directory
$ sudo mkdir -p /etc/moddefender/
- Populate it with conf
$ sudo wget -O /etc/moddefender/core_rules.conf \
    https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules
$ cat <<EOT | sudo tee /etc/moddefender/moddefender.conf > /dev/null
# Match log path
MatchLog \${APACHE_LOG_DIR}/moddef_match.log
# Learning mode toggle
LearningMode On
# Libinjection SQL toggle
LibinjectionSQL Off
# Libinjection XSS toggle
LibinjectionXSS Off

## Score action
CheckRule "\$SQL >= 8" BLOCK
CheckRule "\$RFI >= 8" BLOCK
CheckRule "\$TRAVERSAL >= 4" BLOCK
CheckRule "\$EVADE >= 4" BLOCK
CheckRule "\$XSS >= 8" BLOCK
EOT
- Enable the module with apache2
$ sudo a2enmod defender
- Restart Apache2 for the change to take effect
$ sudo service apache2 restart
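
A check to run after the "Populate it with conf" step, added here as an example and not part of Mod Defender: that step uses an unquoted heredoc delimiter (`<<EOT`), so any `$` left unescaped is expanded by the shell and the written `CheckRule` loses its variable name. The names `audit_defender_conf` and `write_demo_conf` and the sample file are constructed for illustration, and the `LearningMode On` note assumes it behaves like naxsi's learning mode (matches are logged, not blocked).

```shell
#!/bin/sh
# Added example, not part of Mod Defender: audit a written moddefender.conf.

# audit_defender_conf FILE: prints findings, returns 1 on a malformed rule.
audit_defender_conf() {
    conf_file=$1
    audit_rc=0
    # Shape of the score rules on this page: CheckRule "$NAME >= N" ACTION
    rule_re='^[[:space:]]*CheckRule "\$[A-Z_]+ [<>]=? [0-9]+" [A-Z]+[[:space:]]*$'

    # With an unquoted heredoc delimiter (<<EOT) an unescaped $SQL is expanded
    # by the calling shell, normally to nothing, leaving: CheckRule " >= 8" BLOCK
    bad=$(grep -E '^[[:space:]]*CheckRule' "$conf_file" | grep -Ev "$rule_re") || true
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/ERROR malformed rule: /'
        audit_rc=1
    fi

    count=$(grep -Ec "$rule_re" "$conf_file") || true
    echo "INFO valid score rules: $count"

    # Assumption: as with naxsi, LearningMode On logs matches but does not
    # enforce the BLOCK actions.
    if grep -Eq '^[[:space:]]*LearningMode[[:space:]]+On[[:space:]]*$' "$conf_file"; then
        echo "WARN LearningMode On: score rules are not enforced"
    fi
    return "$audit_rc"
}

# Constructed sample: the file that results when the XSS rule's "$" was not
# escaped in the heredoc (written literally here so the demo is deterministic).
write_demo_conf() {
    cat <<'EOT' > "$1"
LearningMode On
CheckRule "$SQL >= 8" BLOCK
CheckRule " >= 8" BLOCK
EOT
}

demo_conf=$(mktemp)
write_demo_conf "$demo_conf"
audit_defender_conf "$demo_conf" || echo "audit failed: fix the rules above"
rm -f "$demo_conf"
```

On a real install, call `audit_defender_conf /etc/moddefender/moddefender.conf` before restarting Apache2.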