Documentation: www.linode.com/docs/guides/securing-apache2-with-modsecurity/

Thank you for the great contents you deliver through your channel. You can check if it works from the modsecurity log, it will show the requests that waf blocked or detected and the details of these requests

great tutorial, i setup modsec to implement as a solution for a vulnerable web app and makes everything secure by just deploying the WAF, i have seen a lot of your videos and you teach quality tools for security!! keep up the good work!!

Good to see you are back

The Boss is back !!! ♥️

thank you so much! loved the documentation :)

After a long time. Informative come back!!!

hi please help me with my problem, when I apply this module my website becomes text only without images or order or anything , do you know what is it and how to fix it?

Having an error here sir: systemctl restart apache2 (after all the configurations) returns an error. after inspecting, I found out using the journalctl that the webserver will refuse to start with an Unknown variable: &MULTIPART_PART_HEADERS error. I temporarily deleted the file rules/REQUEST-922-MULTIPART-ATTACK.conf as a workaround. Apache now starts normally, but I am wary because now the rules are incomplete. modsecurity2 version is 2.9.5 (I followed your commands in this video). Has anyone found a solution to this? Anyway sir, your tutorials are great, as always! Learned a lot. :)

What if I do not have phpmyadmin, where to add config then? Thank you

thank you super explanation

i have a reverse proxy with nginx if someone access my apache site through nginx reverse proxy which is normal but does somebody actually have to access the apache2 site directly for modsecurity to work or people can still access nginx reverse proxy to my site(apache2) and will modsecurity still work. thanks.

I have question: On installation of latest version of modsecurity, owasp rules are present in usr/share/modsecurity-crs dir then why it is required to replace with the owasp rules available on git repository? i even found version difference for installed modsecurity rules & git clone owasp rules, if i am not wrong its always safe to use latest version.

thanks for the video

Gracias, excelente tutorial.

Great tutorial

Very nice sir 😊❤ thank you so much sar 😊❤

Awesome loved it!

Hello Alexis. Thank you for the high-quality content of your videos. I implemented the mentioned Security Mode using those rules from the CoreRulesSet but I am having one issue with WordPress. The site continues to work well but if I log in and try to make any change or any post or page it blocks. Is there any exception rule or a specific set of rules for WordPress? Thank you!

Can we create apache on different machine and modsecurity on another machine ?

Hello Sir, I have followed the instruction until the time 14:58, and the next step is to restart apache2, when I did this, I got this error "Syntax error on line 43 of /usr/share/modsecurity-crs/rules/REQUEST-922-MULTIPART-ATTACK.conf Error creating rule: Unknown variable: &MULTIPART_PART_HEADERS", can you help me, how can I solve it? thanks in advance

Can this block an automated sqlmap injection running from Kali machine?

Any tutorial modsec in IIS 10?

How to prevent csrf attacks on apache ws

in "/etc/modsecurity/modsecurity.conf" SecStatusEngine is set to "On" curiously I get this error in apache2 log: "ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On"

Love you bro ❤️

very good video!

hello is this modsecurity3 or the old version

Nice video bro 👍👍

nice tuttorial

Thanks bro

Спасибо!

Any help matey? May 24 17:08:27 cn01-desktop systemd[1]: Starting The Apache HTTP Server... May 24 17:08:28 cn01-desktop apachectl[286847]: apache2: Syntax error on line 231 of /etc/apache2/apache2.conf: Syntax error on line 36 of /etc/apache2/sites-enabled/000-default.conf: without matching section May 24 17:08:28 cn01-desktop apachectl[286844]: Action 'start' failed. May 24 17:08:28 cn01-desktop apachectl[286844]: The Apache error log may have more information. May 24 17:08:28 cn01-desktop systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE May 24 17:08:28 cn01-desktop systemd[1]: apache2.service: Failed with result 'exit-code'. May 24 17:08:28 cn01-desktop systemd[1]: Failed to start The Apache HTTP Server.

yessir

I have got an error

I'm first here too!

Apache2 not starting: AH00526: Syntax error on line 43 of /etc/modsecurity/rules/REQUEST-922-MULTIPART-ATTACK.conf

LOL, mod security is nothing

keyboard gremlins LOL