Setup

• Installing the package

apt install libapache2-mod-security2

• Turning on module

a2enmod security2

• Uploading recommended config file

mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

• Checking the engine mode (Leaving at DetectionOnly as we will have adaptive blocking)

grep SecRuleEngine /etc/modsecurity/modsecurity.conf

• Checking if we are scanning server responses

grep SecResponseBodyAccess /etc/modsecurity/modsecurity.conf

• Checking the module config

cat /etc/apache2/mods-enabled/security2.conf

• Restarting Apache

systemctl restart apache2
systemctl status apache2

• Technically, no further setup is needed