[edit] 1. Download: modsecurity-apache modsecurity-core-rules (optional) [edit] 2. Extract modsecurity-apache and install tar zxvf modsecurity-apache cd modsecuiryt-apache-/apache2/ configure && make && make install [edit] 3. copy rules to apache's conf directory cd modsecuiryt-apache- cp -a rules /usr/local/apache/conf/modsecurity.d [edit] 4. Add the following lines to httpd.conf LoadFile /usr/lib64/libxml2.so.2 LoadModule security2_module modules/mod_security2.so LoadModule unique_id_module modules/mod_unique_id.so SecRuleEngine On SecRequestBodyAccess On SecResponseBodyAccess Off SecUploadKeepFiles Off SecDebugLog logs/modsec_debug.log SecDebugLogLevel 0 SecAuditEngine RelevantOnly SecAuditLogRelevantStatus ^5 SecAuditLogParts ABIFHZ SecAuditLogType Serial SecAuditLog logs/modsec_audit.log SecRequestBodyLimit 131072 SecRequestBodyInMemoryLimit 131072 SecResponseBodyLimit 524288 Include modsecurity.d/modsecurity_crs_10_config.conf Include modsecurity.d/modsecurity_crs_20_protocol_violations.conf Include modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf Include modsecurity.d/modsecurity_crs_23_request_limits.conf Include modsecurity.d/modsecurity_crs_30_http_policy.conf Include modsecurity.d/modsecurity_crs_35_bad_robots.conf Include modsecurity.d/modsecurity_crs_40_generic_attacks.conf Include modsecurity.d/modsecurity_crs_45_trojans.conf Include modsecurity.d/modsecurity_crs_50_outbound.conf # Include modsecurity.d/modsecurity_localrules.conf # write your own rules and add to this file Note: Modify path to point to the correct path [edit] 5. Restart apache /usr/local/apache2/bin/apachectl restart or service httpd restart