ModSecurity for httpd24 & RHEL6 from SoftwareCollections?

We are running several RHEL6 webservers, some of which run Apache 2.4 via the httpd24 packages from Software Collections.

I see that mod_security is available from EPEL, but it tries to install Apache 2.2 instead. Are there any packages available which will support a newer version of Apache 2.4?

[root@web1 ~]# yum install -q mod_security

========================================================================================================
 Package                   Arch               Version                     Repository               Size
========================================================================================================
Installing:
 mod_security              x86_64             2.7.3-3.el6                 epel                    168 k
Installing for dependencies:
 apr-util-ldap             x86_64             1.3.9-3.el6_0.1             sl                       15 k
 httpd                     x86_64             2.2.15-54.sl6               sl-security             832 k
 httpd-tools               x86_64             2.2.15-54.sl6               sl-security              78 k

Transaction Summary
========================================================================================================
Install       4 Package(s)

Is this ok [y/N]: 

Responses

Hi Stefan,

Currently mod_security is not supported by Red Hat in RHEL 6. A supported version is available in version RHEL 7 though. The above is probably due to a dependency issue for which it needs to install the 2.2 version.

Is there a mod_security module for httpd24? I've seen references to mod24_security but yum doesn't find it.

Hi Thomas, Stefan. We don't currently have any plans to ship mod_security for the httpd24 collection. If you file a ticket with Red Hat Support with an RFE, we can look at this for future updates to Red Hat Software Collections.

Thanks!

Has there been any update to this? We also use RHEL 6 with httpd24. Because we can't use mod_security, how would you suggest securing httpd24 on RHEL 6?

Also do you know what the differences are between httpd and httpd24? Search results haven't been clear on this point. Thanks!

Hi Jonathan. On RHEL6, httpd is the standard HTTP server based on version 2.2.15. It is supported and regularly patched by RH (to fix vulnerabilities and bugs). httpd24 is a moving target based on the latest or almost latest version. If it isn't the latest version, RH backports the latest security patches for it.
