0

I have 4 EC2 instances (running Amazon Linux AMI) and I'm using Elastic Beanstalk to deploy my Java app to Tomcat.

I would like to know if it is possible to install Apache mod_security using .ebextensions?

PS: I know how to install mod_security and configure the rules if I have to do it by hand. As I'm not really familiar with ebextensions, I would like to know first if this would be possible.

PS2: I would like to install mod_security to have protection against simple DoS attacks. Thank you!

Johny19

1 Answer

2

Yes, it is possible. At its simplest, you can create a file in .ebextensions called 10_mod_security.config containing:

packages:
  yum:
    mod_security: []

If you wish to create an extra config file, you can do so in the same file, like:

files:
  "/etc/httpd/conf.d/mod_security.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      insert your apache config here
    encoding: plain

That will install the package via yum, and then create a config file in the appropriate directory (although I believe yum creates the file for you automatically; you'd have to do some testing with this).

Hope this helps.

Kevin Willock
  • Is it possible to install other mods like "mod_dumpio" that are not included in yum? The exact error I am receiving is "Yum does not have mod_dumpio available for installation" – Ben Yitzhaki Jul 07 '15 at 10:26
  • Hey @BenYitzhaki, sorry for the delay, but yes, you can run ad-hoc commands. There are lots of examples in the docs: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#customize-containers-format-commands – Kevin Willock Aug 27 '15 at 05:14
  • 1
    The package for Apache 2.4 is `mod24_security`. If you do not want to overwrite the default config, you can store your rules in `/etc/httpd/modsecurity.d/local_rules/`. For example, you can create `./ebextensions/modsecurity_special_rules.conf` and then add in your Elastic Beanstalk configuration something like: `command: "cp ./ebextensions/modsecurity_special_rules.conf /etc/httpd/modsecurity.d/local_rules/modsecurity_special_rules.conf"` However, if you are behind a load balancer, you should consider using AWS WAF (see also http://stackoverflow.com/questions/41458260). – goetz Jan 05 '17 at 16:11
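
An added example (not from any of the posts above) that combines the answer and the last comment into one `.ebextensions` file: it installs the package, writes a local rule file with the `files` key instead of `cp`, and goes one step further by validating the Apache configuration so a broken rule fails the deployment. Assumptions: the `mod24_security` package name and the `local_rules` directory are taken from the comment above; the rule itself, its `id` and the command name are constructed for illustration.

```yaml
# .ebextensions/10_mod_security.config

packages:
  yum:
    # Package name for Apache 2.4, per the comment above; use mod_security otherwise
    mod24_security: []

files:
  # Local rules directory from the comment above, so the packaged default config stays untouched
  "/etc/httpd/modsecurity.d/local_rules/modsecurity_special_rules.conf":
    mode: "000644"
    owner: root
    group: root
    encoding: plain
    content: |
      # Constructed sample rule: reject requests carrying an excessive number of parameters.
      # The id and the threshold are placeholders; pick values that fit your application.
      SecRule &ARGS "@gt 255" "id:1000001,phase:2,deny,status:400,log,msg:'Too many request parameters'"

commands:
  # Keys are processed in the order packages, files, commands, so the rule file already exists here.
  # A syntax error in the rules makes httpd -t exit non-zero, which fails the deployment.
  01_validate_httpd_config:
    command: "httpd -t"
```

Running ModSecurity with `SecRuleEngine DetectionOnly` first lets you review the audit log for false positives before the rules start blocking traffic.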