FreeBSD Install mod_security For The Apache HTTPD Server

Q. mod_security supplies an array of request filtering and other security features to the Apache HTTP Server. How do I install mod_security under FreeBSD operating systems?


A. ModSecurity is an open source web application firewall that runs as an Apache module, and version 2.0 offers many new features and improvements.

It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure. Some of the features include:

=> Parallel text matching
=> Geo IP resolution
=> Credit card number detection
=> Support for content injection
=> Automated rule updates
=> scripting as well as many others.

FreeBSD install mod_security

Type the following command to update ports tree:
# portsnap fetch update
Under FreeBSD 7, mod_security can be installed by typing the following commands:
# cd /usr/ports/www/mod_security
# make install clean

Configure mod_security

The modsecurity 2 Core Rules have been installed in

By default it run in “DetectionOnly” mode as not to disturb operatings of working websites and Apache. First change directory to /usr/local/etc/apache22/Includes/mod_security2/:
# cd /usr/local/etc/apache22/Includes/mod_security2/
Now, open the ModSecuirty core rule set file – modsecurity_crs_10_config.conf, enter:
# vi modsecurity_crs_10_config.conf
The file is well documented so just customize it according to your requirements. Open httpd.conf file located at /usr/local/etc/apache22 and make sure following line exists:
LoadFile /usr/local/lib/
LoadModule security2_module libexec/apache22/

Finally, restart the apache:
# /usr/local/etc/rc.d/apache22 restart

Monitoring mod_security log files

By default logs are written to following two files:

  • /var/log/httpd-modsec2_audit.log
  • /var/log/httpd-modsec2_debug.log
  • /var/log/httpd-error.log or virtual domain error.log file

You can detect attacks by viewing these two files using grep or tail:
tail -f /var/log/httpd-modsec2_audit.log
grep cmd.exe /var/log/httpd-modsec2_audit.log
tail -f /home/httpd/

Once everything started to working perfectly open modsecurity_crs_10_config.conf file and set SecRuleEngine to On:
SecRuleEngine On
Restart apache:
# /usr/local/etc/rc.d/apache22 restart

Further readings:

  • Apache Security Book – The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions in this book will save your life.
  • Modsecurity project

๐Ÿฅบ Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! ๐Ÿค 
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

4 comments… add one
  • Matthew May 12, 2009 @ 12:43

    When upgrading (with portmanger or the like) any changes you make to the default rules get overwritten. Whats the best way to avoid this?

    Also what’s the difference between the mod_security and mod_security21 ports? Which is better?

  • ๐Ÿ›ก๏ธ Vivek Gite (Author and Admin) nixCraft May 13, 2009 @ 9:38

    Create your own custom rule set file and call it from main modsecurity_crs_10_config.conf file. mod_security21 is older version and it is recommended that you use latest stable version supplied by mod_security

  • rihaz Jan 24, 2011 @ 20:37

    by default only *.conf file ( modsecurity_crs_10_config.conf) inside mod_security2
    folder is included. you have to include rules inside /usr/local/etc/apache22/Includes/mod_security2/base_rules or just the modsecurity_crs_10_config.conf will work?

    Include etc/apache22/Includes/mod_security2/*.conf

  • waha Aug 20, 2012 @ 9:03

    Iยดve installed mod_security from ports. But there is nothing installed in /usr/local/etc/apache22/Includes.
    Am I missing something?

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.