How to Install FAMP Stack and Mod Security on FreeBSD 10.2

FAMP Stack or FreeBSD with Apache, MariaDB and PHP is a group of opensource software to run application based on php to your browser. FAMP similiar with LAMP (Linux Apache MAriaDB/MySQL and PHP) on linux server.

Mod Security is a Open source intrusion detection and prevention engine for web server. Support for Apache Nginx and IIS on windows server. It is one of the apache modules to prevent from hackers and other malicious attack like SQL Injection, XSS, LFI(Local File Inclusion), RFI(Remote File Inclusion) etc.

In this tutorial we will guide about Installation of FAMP Stack with FreeBSD 10.2, and then give you sample configuration of virtualhost on apache webserver. Next we will install and configure mod security to work with the FAMP Stack and activate on the virtualhost that have been created.

Step 1 - Update System

Please log in to your freebsd server with ssh and update your system with command :

freebsd-update fetch
freebsd-update install

Step 2 - Install and Configure Apache

Apache is the one of the best and popular web server, support for Linux windows and Mac OS. Apache developed by an open community of developers under the Apache Software Foundation. Support some language interfaces support Perl, Python, Tcl, and PHP.

We will install apache24 with pkg command :

pkg install apache24

Please go to the apache configuration directory "/usr/local/etc/apache24", and then edit a file "httpd.conf" with nano editor :

cd /usr/local/etc/apache24
nano httpd.conf

Change the value of "ServerAdmin" on line 210 and "ServerName" on line 219 :

ServerAdmin im@localhost
ServerName localhost:80

Next, before run apache webserver, we need to add apache to the start up/boot time with "sysrc" command :

sysrc apache24_enable=yes

Now start Apache webserver :

service apache24 start

And open your browser and visit the server IP :

Apache Start

Step 3 - Install and Configure MariaDB

MariaDB instead of MySQL develop and maintain by MySQL Developer under the GNU GPL. For from MySQL MySQL relational database management system.

We will install mariadb with pkg command :

pkg install mariadb100-server

That command will install mariadb100-client too.

Now copy the mariadb file configuration from "/usr/local/share/mysql/" to "/usr/local/etc/" :

cp /usr/local/share/mysql/my-medium.cnf /usr/local/etc/my.cnf

Next, enable mariadb to start on boot time with sysrc command :

sysrc mysql_enable=yes

and the last, start mariadb :

service mysql-server start

So now you need to configure username and password for mariadb/mysql server. configure with command :


Enter current password for root (enter for none): PRESS ENTER
OK, successfully used password, moving on...

Set root password? [Y/n] Y
Re-enter new password: ENTER YOUR PASSWORD
Password updated successfully!

Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Now try access your mariadb/mysql shell :

mysql -u root -p

MariaDB started

Step 4 - Install and Configure MariaDB

In this tutorial we will use version of php 5.6. install it with pkg command include with mod_php56 php56-mysql php56-mysqli php56-curl.

pkg install mod_php56 php56-mysql php56-mysqli php56-curl

Now copy php configuration file "php.ini-production" to "php.ini" in directory "/usr/local/etc/" :

cd /usr/local/etc/
cp php.ini-production php.ini

Edit php.ini files and add your timezone in line 926 :

nano php.ini

date.timezone = Asia/Jakarta

Next, configure php to work with apache, so you need to edit the apache configuration file and then add php configuration there.

To do it you must go to the apache configuration directory and edit "httpd.conf" with nano editor :

cd /usr/local/etc/apache24/
nano httpd.conf

Add the php configuration to under line 288 :

<Files ".ht*">
Require all denied

<FilesMatch "\.php$">
SetHandler application/x-httpd-php

<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source

and add index.php on the dir_module directive :

<IfModule dir_module>
DirectoryIndex index.php index.html

Save and Exit

PHP work with Apache

Step 5 - Configure Apache VirtualHost

In this tutorial we will create a virtualhost called "" with the domain "".

Virtualhost configuration file stored at "/usr/local/etc/apache24/extra/" directory. But in this tutorial we will create new directory for virtualhost, so make you easy to configure your virtualhost if you have many configuration file.

Create new directory  "virtualhost" in apache configuration directory :

cd /usr/local/etc/apache24/
mkdir virtualhost

Now create new file "" :

Add a virtualhost configuration below :

<VirtualHost *:80>
# Directory for the file stored
DocumentRoot "/usr/local/www/"
ErrorLog "/var/log/"
CustomLog "/var/log/" common

<Directory "/usr/local/www/">
Options All
AllowOverride All
# The syntax is case sensitive!
Require all granted

Next include your virtualhost configuration to the apache "httpd.conf" file :

cd /usr/local/etc/apache24/
nano httpd.conf

Add this to the end of the line :

Include etc/apache24/virtualhost/*.conf

Next, Create new directory for the virtualhost that we created on the "/usr/local/www/" :

mkdir -p /usr/local/www/
cd /usr/local/www/

And create new file "index.php" and give php info script, you can do it with "echo" command :

echo '<?php phpinfo(); ?>' > index.php

Now restart your apache and then open your browser "" :

service apache24 restart

and you can see the php info :

php info

Step 6 - Install and Configure Mod Security

Mod Security is part of apache modules, so you can install it from the repository. You can install from the source, but we here use pkg command to install from the repository :

pkg install ap24-mod_security-2.9.0

Now load new module "unique_id" that needed by mod security by editing the apache configuration file "httpd.conf" and uncomment the line 120  :

cd /usr/local/etc/apache24/
nano httpd.conf

LoadModule unique_id_module libexec/apache24/

Save and Exit.

And if you have done, please clone the owasp modsecurity Core Rules Set(CRS) with git command to the crs directory :

cd /usr/local/etc/
git clone crs

Now go to the crs directory and copy the example configuration file :

cd crs/
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

Next, load the modsecurity module with owasp crs rules by create new file "000_modsecurity.conf" on "modules.d" directory :

cd /usr/local/etc/apache22/modules.d/
nano 000_modsecurity.conf

Paste configuration below :

# Load ModSecurity
LoadModule security2_module libexec/apache24/

<IfModule security2_module>
# Include ModSecurity configuration
Include /usr/local/etc/modsecurity/modsecurity.conf

# Include OWASP Core Rule Set (CRS) configuration and base rules
Include /usr/local/etc/crs/modsecurity_crs_10_setup.conf
Include /usr/local/etc/crs/base_rules/*.conf

# Remove Rule by id
SecRuleRemoveById 981173

Save and Exit.

Step 7 - Adding Mod Security to the VirtualHost

To configure a virtualhost with mod security, you need to edit the virtualhost file :

cd /usr/local/etc/apache24/virtualhost/

Inside Directory directive, add script below :


<IfModule security2_module>
SecRuleEngine On


And now restart apache web server :

service apache24 restart

Note :

If you have an error like this :

[unique_id:alert] [pid 4372] (EAI 8)hostname nor servname provided, or not known: AH01564: unable to find IPv4 address of "YOURHOSTNAME"

please add your hostname to the hosts file :

nano /etc/hosts

Add your hostname           YOURHOSTNAME

Step 8 - Testing Mod Security

Edit the file "modsecurity.conf" in the mod security directory "/usr/local/etc/modsecurity/" :

cd /usr/local/etc/modsecurity
nano modsecurity.conf

Change the value of "SecRuleEngine " to the "On" :

SecRuleEngine On

Save and Exit.

Restart Apache :

service apache24 restart

See the apache log file to ensure the mod security is loaded :

tail -f /var/log/httpd-error.log

Mod Security Loaded

Another test in virtualhost with SQL Injection attack on wordpress plugins :

Another Test VirtualHost

Mod Security and Apache running successfully.


FAMP Stack or Apache MariaDB and PHP on FreeBSD instead of LAMP on Linux server. It is easy to install and Configure. You can Install it with pkg command or if you have time, you can compile it from "/usr/ports" directory. Mod Security is web application firewall that prevent you from hacker and the malicious attacks like SQL Injection. You can define your rule and then add it to work with apache for your web application security.


Arul 3:00 am


Your email address will not be published. Required fields are marked *