Install ModSecurity WAF on Apache – Arch Linux
ModSecurity is an open-source Web Application Firewall (WAF) for Apache.
Step 1 – Install ModSecurity
pacman -S --noconfirm mod_security
# Add the ModSecurity LoadModule line to httpd.conf, then restart Apache
systemctl restart httpd
Step 2 – Configure ModSecurity
Copy the recommended baseline configuration:
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf 2>/dev/null || \
cp /usr/share/doc/libapache2-mod-security2/examples/modsecurity.conf-recommended \
/etc/modsecurity/modsecurity.conf 2>/dev/null
Switch the rule engine from DetectionOnly (log only) to On (block):
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/modsecurity/modsecurity.conf
Step 3 – Install OWASP Core Rule Set (CRS)
cd /etc/modsecurity
git clone https://github.com/coreruleset/coreruleset.git crs
cp crs/crs-setup.conf.example crs/crs-setup.conf
Add to Apache config:
IncludeOptional /etc/modsecurity/*.conf
IncludeOptional /etc/modsecurity/crs/crs-setup.conf
IncludeOptional /etc/modsecurity/crs/rules/*.conf
Step 4 – Test and reload Apache
apachectl configtest && systemctl reload httpd
Step 5 – Test WAF is active
curl 'http://localhost/?q=<script>alert(1)</script>'
# Should receive 403 Forbidden
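A post-install check for Steps 2 to 5, added here as an example and not part of the original page: it reports the SecRuleEngine mode left in modsecurity.conf (the Step 2 sed changes nothing unless the line reads exactly DetectionOnly), confirms crs-setup.conf is included before the CRS rules, and compares a plain request with the Step 5 request so that a site-wide 403 is not mistaken for a WAF block. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-install checks for Steps 2-5 (sample files are constructed).

# Print the last uncommented SecRuleEngine value in a config file, or "unset".
engine_mode() {
    awk 'tolower($1) == "secruleengine" { mode = $2 }
         END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Succeed only if crs-setup.conf is included before the CRS rules glob.
crs_order_ok() {
    awk 'tolower($1) ~ /^include(optional)?$/ {
             if ($2 ~ /crs-setup\.conf$/ && !setup) setup = NR
             if ($2 ~ /\/rules\/\*\.conf$/ && !rules) rules = NR
         }
         END { exit !(setup && rules && setup < rules) }' "$1"
}

# Fetch only the HTTP status code of a URL (for the live check below).
http_status() { curl -s -o /dev/null -w '%{http_code}' "$1"; }

# $1 = status of a plain request, $2 = status of the Step 5 request.
# A 403 only shows the WAF blocked it if the plain request was not also 403.
waf_verdict() {
    if [ "$2" = 403 ] && [ "$1" != 403 ]; then echo blocking
    elif [ "$2" = 403 ]; then echo inconclusive
    else echo not-blocking; fi
}
# Live use: waf_verdict "$(http_status http://localhost/)" \
#     "$(http_status 'http://localhost/?q=<script>alert(1)</script>')"

# Offline demo on constructed files: engine still in DetectionOnly.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# SecRuleEngine On' 'SecRuleEngine DetectionOnly' \
        > "$dir/modsecurity.conf"
    printf '%s\n' 'IncludeOptional /etc/modsecurity/*.conf' \
        'IncludeOptional /etc/modsecurity/crs/crs-setup.conf' \
        'IncludeOptional /etc/modsecurity/crs/rules/*.conf' > "$dir/waf.conf"
    echo "engine: $(engine_mode "$dir/modsecurity.conf")"
    crs_order_ok "$dir/waf.conf" && echo "CRS include order: ok"
    echo "verdict for 200/403: $(waf_verdict 200 403)"
    rm -rf "$dir"
}
demo
```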