Apache mod_security ?


How important is to use mod_security for Apache, and how to install it? Is it sufficient just to install it by yast and to reload apache web server? Or there are any modifications that need to be done, if how?

It can be installed through Yast. AFAIK no special actions required.

after installing it with yast and reloding apache this is apache output:

Syntax error on line 3 of /etc/apache2/conf.d/mod_security2.conf:
Invalid command ‘SecRuleEngine’, perhaps misspelled or defined by a module not included in the server configuration

okay, I have solved above problem by adding “security2” to APACHE_MODULES= in /etc/sysconfig/apache2 and creating “.log” in “/srv/www/logs/modsec_debug.log”, HOWEVER after checking Apache Mod Security by system it still shows OFF?

Still looking for a solution.