Apache Web Server

BotGuard provides the integration module for Apache Apache Web Server via operating systems package repository. We support the following Linux operating systems:

• Debian 12 ("bookworm), 11 ("bullseye"), 10 ("buster"), 9 ("stretch"), 8 ("jessie")
• Ubuntu 24.04 ("noble"), 22.04 ("jammy"), 20.04 ("focal"), 18.04 ("bionic"), 16.04 ("xenial")
• RHEL/CentOS 9, 8, 7, 6
• CloudLinux 9, 8, 7, 6 (EasyApache)

The integration procedure depends on the type of operating system used.

Debian, Ubuntu

Module Installation

Import the BotGuard package digital signature key:

apt install curl gpg ca-certificates lsb-release apt-utils whiptail apt-transport-https software-properties-common sudo
curl -fsSL https://repo.botguard.net/botguard.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/botguard.gpg >/dev/null

Note

We assume you are using the root account (use sudo -s or su - if necessary).

Add the BotGuard repository to the system repositories:

echo "deb [signed-by=/usr/share/keyrings/botguard.gpg] https://repo.botguard.net/debian $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/botguard.list
apt update

Install the BotGuard Apache module:

apt install libapache2-mod-botguard

Restart the Apache service:

systemctl restart apache2

Make sure BotGuard module is loaded successfully:

apachectl -M 2>/dev/null | grep botguard

As a result of executing this command, the following text should be displayed:

botguard_module (shared)

To enable or disable the module, use the a2enmod botguard and a2dismod botguard commands respectively.

Setting module parameters

After installation, the module will be disabled, as it requires preliminary configuration for its operation. To configure the module, run the command:

dpkg-reconfigure libapache2-mod-botguard

Using this command, you can configure the parameters necessary for the module to work in interactive mode:

Instead, you can change the settings of the module by editing its configuration file /etc/apache2/mods-available/botguard.conf:

1. Find the line # BotguardPrimaryServer "xxx.botguard.net" and remove the "#" symbol (uncomment the line). Replace xxx.botguard.net with the address of the primary BotGuard server assigned to your web server.

2. Find the line # BotguardSecondaryServer "yyy.botguard.net" and remove the "#" symbol (uncomment the line). Replace yyy.botguard.net with the address of the secondary BotGuard server.

3. One Apache server can serve multiple domains ("virtual hosts"). You can activate BotGuard protection either for all domains or for selected domains only.

4. To enable BotGuard protection for all the domains, find the line BotguardCheck off in the configuration file of the BotGuard module and replace it with BotguardCheck on.

5. To activate protection only for some domains, the line BotguardCheck off must be left in the BotGuard module configuration file. Instead, add a BotguardCheck on line to the description of each virtual host to be protected in the Apache configuration files (…). In addition, the module can be activated for any site separately using the .htaccess file:

<IfModule botguard_module>
    BotguardCheck on
</IfModule>

1. Reload Apache configuration for the module settings to take effect:

   systemctl reload apache2
   

Diagnostic messages and error messages are logged to the /var/log/apache2/error.log, file, depending on Apache settings.

RHEL, CentOS

Module Installation

Import the BotGuard package digital signature key:

rpm --import https://repo.botguard.net/botguard.gpg

Note

We assume you are using the root account (use sudo -s or su - if necessary).

Add the BotGuard repository to the system repositories:

yum install epel-release yum-utils
yum-config-manager --add-repo https://repo.botguard.net/BotGuard.repo

The version of the BotGuard Apache module must match with the version of Apache web server installed. Your Apache may have been installed from the operating system repository, or from an additional repository. Depending on the repository used and the version of Apache, the installation procedure may differ slightly.

Find out the source of your installed Apache version:

echo -e 'httpd\nhttpd24-httpd\nea-apache24' | LANG=C xargs -I "#" yum info "#" 2>/dev/null | grep -E 'Packages|Name|From repo'

As a result of executing this command, a list of available and installed Apache versions will be displayed:

Installed Packages
Name        : ea-apache24
From repo   : cl-ea4

Next, depending on the source of the installed package, install the appropriate version of the BotGuard module:

Base, updates, AppStreamcentos-sclo-rhcl-ea4

Install the BotGuard Apache module:

yum install mod_botguard

The module configuration file will be installed in /etc/httpd/conf.d/botguard.conf. Restart Apache service:

systemctl restart httpd

Make sure BotGuard module is loaded successfully:

apachectl -M | grep botguard

As a result of executing this command, the following text should be displayed:

botguard_module (shared)

To disable the module, comment out the line starting with LoadModule in the /etc/httpd/conf.modules.d/01-botguard.conf file, or, in case of Apache version 2.2, in the main config file of the module.

Install the BotGuard Apache module:

yum install httpd24-mod_botguard

The module configuration file will be installed in /opt/rh/httpd24/root/etc/httpd/conf.d/botguard.conf. Restart Apache service:

systemctl restart httpd24-httpd

Make sure BotGuard module is loaded successfully:

scl enable httpd24 bash
apachectl -M | grep botguard

As a result of executing this command, the following text should be displayed:

botguard_module (shared)

To disable the module, comment out the line starting with LoadModule in the /opt/rh/httpd24/root/etc/httpd/conf.modules.d/01-botguard.conf file, or, in case of Apache version 2.2, in the main config file of the module.

Install the BotGuard Apache module:

yum install ea-apache24-mod_botguard

The module configuration file will be installed in /etc/apache2/conf.d/botguard.conf. Restart Apache service:

systemctl restart ea-apache24

Make sure BotGuard module is loaded successfully:

apachectl -M | grep botguard

As a result of executing this command, the following text should be displayed:

botguard_module (shared)

To disable the module, comment out the line starting with LoadModule in the /etc/apache2/conf.modules.d/01-botguard.conf file, or, in case of Apache version 2.2, in the main config file of the module.

Setting module parameters

After installation, the module will be disabled, as it requires preliminary configuration for its operation. To configure the module, edit its config file set to the path given above.

1. Find the line # BotguardPrimaryServer "xxx.botguard.net" and remove the "#" symbol (uncomment the line). Replace xxx.botguard.net with the address of the primary BotGuard server assigned to your web server.

2. Find the line # BotguardSecondaryServer "yyy.botguard.net" and remove the "#" symbol (uncomment the line). Replace yyy.botguard.net with the address of the secondary BotGuard server.

3. One Apache server can serve multiple domains ("virtual hosts"). You can activate BotGuard protection either for all domains or for selected domains only.

4. To enable BotGuard protection for all the domains, find the line BotguardCheck off in the configuration file of the BotGuard module and replace it with BotguardCheck on.

5. To activate protection only for some domains, the line BotguardCheck off must be left in the BotGuard module configuration file. Instead, add a BotguardCheck on line to the description of each virtual host to be protected in the Apache configuration files (…). In addition, the module can be activated for any site separately using the .htaccess file:

<IfModule botguard_module>
    BotguardCheck on
</IfModule>

1. Reload Apache configuration for the module settings to take effect:

   systemctl reload httpd
   

Diagnostic messages and error messages are logged to the /var/log/httpd/error.log or /var/log/apache2/error.log files, depending on Apache settings.