[edit] 1. Download:

	modsecurity-apache
	modsecurity-core-rules (optional)


[edit] 2. Extract modsecurity-apache and install

	tar zxvf modsecurity-apache
	cd modsecuiryt-apache-<version>/apache2/
	configure && make && make install


[edit] 3. copy rules to apache's conf directory

	cd modsecuiryt-apache-<version> 
	cp -a rules /usr/local/apache/conf/modsecurity.d

[edit] 4. Add the following lines to httpd.conf

LoadFile /usr/lib64/libxml2.so.2
LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so

<IfModule mod_security2.c>

	SecRuleEngine On
       SecRequestBodyAccess On
       SecResponseBodyAccess Off
       SecUploadKeepFiles Off
       SecDebugLog logs/modsec_debug.log
       SecDebugLogLevel 0
       SecAuditEngine RelevantOnly
       SecAuditLogRelevantStatus ^5
       SecAuditLogParts ABIFHZ
       SecAuditLogType Serial
       SecAuditLog logs/modsec_audit.log
       SecRequestBodyLimit 131072
       SecRequestBodyInMemoryLimit 131072
       SecResponseBodyLimit 524288

       Include modsecurity.d/modsecurity_crs_10_config.conf
       Include modsecurity.d/modsecurity_crs_20_protocol_violations.conf
       Include modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf
       Include modsecurity.d/modsecurity_crs_23_request_limits.conf
       Include modsecurity.d/modsecurity_crs_30_http_policy.conf
       Include modsecurity.d/modsecurity_crs_35_bad_robots.conf
       Include modsecurity.d/modsecurity_crs_40_generic_attacks.conf
       Include modsecurity.d/modsecurity_crs_45_trojans.conf
       Include modsecurity.d/modsecurity_crs_50_outbound.conf
      # Include modsecurity.d/modsecurity_localrules.conf   # write your own rules and add to this file
</IfModule>

Note: Modify path to point to the correct path


[edit] 5. Restart apache

/usr/local/apache2/bin/apachectl restart 

or

service httpd restart