# mod security apache2 setup

## carpman

Hello, ok trying to setup mod security with apache2 but there is not a lot of docs that are relevent to Gentoo, have set it up on FreeBSD apache 1.3 fine.

So have done:

```

Added -D SECURITY to APACHE2_OPTS= in /etc/conf.d/apache2   

```

Tried to load module in /etc/apache2/httpd.conf

```

LoadModule security_module modules/mod_security2.so

```

this results in error on restart apache2

```

/etc/init.d/apache2 restart

 * Apache2 has detected a syntax error in your configuration files:

Syntax error on line 237 of /etc/apache2/httpd.conf:

Can't locate API module structure `security_module' in file /usr/lib/apache2/modules/mod_security2.so: /usr/lib/apache2/modules/mod_security2.so: undefined symbol: security_module

```

Any ideas what i missing?

I have set apache2 flag for mod security.

cheers

----------

## elgato319

there is no need to load the module by yourself.

adding "-D SECURITY" in conf.d/apache2 should be enough.

it will load: /etc/apache2/modules.d/99_mod_security.conf, which loads the right module

```

<IfDefine SECURITY>

        <IfModule !mod_security2.c>

                LoadModule security2_module modules/mod_security2.so

        </IfModule>

        # use Core Rule Set by default:

        Include /etc/apache2/modules.d/mod_security/*.conf

</IfDefine>

```

btw i'm running mod_security 2.1.1

```

net-www/mod_security

     Available versions:  1.8.7 (~)1.9.4 (~)2.1.1 {apache2 doc}

     Installed versions:  2.1.1(09:19:55 05/07/07)(-doc)

```

----------

## carpman

Ok cheers, where and how do you load the rules?

Do they go in:

```

/etc/apache2/modules.d/mod_security/

```

cheers

----------

## elgato319

yes

emerge installed some rules by default in /etc/apache2/modules.d/mod_security/

i'm using the rules provided by http://www.gotroot.com/ too

added an extra line for them to keep them seperated: 

```

Include /etc/apache2/modules.d/gotroot/*.conf

```

----------

## carpman

 *elgato319 wrote:*   

> yes
> 
> emerge installed some rules by default in /etc/apache2/modules.d/mod_security/
> 
> i'm using the rules provided by http://www.gotroot.com/ too
> ...

 

cheers, yep it was were to put the gotroot rulres i needed.

Have you used the auto download/update script for rules from gotroot?

many thanks

----------

## elgato319

nope... i update them from time to time

i left some big blacklists out, because they relly slowed the webserver down (and eating memory like crazy)

----------

