Install the Debian version of mod_security packages from Debian reposirory
apt-get install libapache-mod-security
Create an Apache config directory for mod_security
mkdir /etc/apache2/modsecurity-core-rules
chmod 600 /etc/apache2/modsecurity-core-rules
Download and install the mod_security core rules
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz
tar vfx modsecurity-core-rules_2.5-1.6.1.tar.gz -C /etc/apache2/modsecurity-core-rules/
Create a symlink to adapt to all mod_security core rules(or change all the rules š
ln -s /var/log/apache2 /etc/apache2/logs
Include the mod_security rules to the Apache2 configuration
echo "Include /etc/apache2/modsecurity-core-rules/*.conf" >> /etc/apache2/apache2.conf
Restart apache2
/etc/init.d/apache2 restart
It is recommended to keep an eye on the mod_security logs to see if anything is being blocked.
If you ever encounter difficulties with some rules, you will be able to see which rule is interfering from the following logs
/etc/apache2/modsec_audit.log
/etc/apache2/modsec_debug.log
and either modify the rule or simply comment it out.
Th rules that mostly gave me trouble are:
/etc/apache2/modsecurity-core-rules/modsecurity_crs_40_generic_attacks.conf
/etc/apache2/modsecurity-core-rules/modsecurity_crs_21_protocol_anomalies.conf