How to Install ModSecurity with OpenLiteSpeed and DirectAdmin


ModSecurity is an open source, cross platform web application firewall (WAF) engine developed by Trustwave’s SpiderLabs. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

In this guide we will show you how to install ModSecurity using Comodo Rules with OpenLitespeed. The Comodo ModSecurity rules will be configured to automatically fetch and install new rules as soon as they become available. We have chosen to use the rules provided by Comodo as we have found they are most compatible with the majority of web applications. However, if you do not want to use the Comodo rules, you can use the rules provided by OWASP instead.

To install ModSecurity we will be using the command line custombuild scripts. If you prefer, you can install it using the custombuild WebAdmin GUI in the DirectAdmin dashboard.

First we need to ensure we have all the necessary files updated in custombuild using the following commands:

cd /usr/local/directadmin/custombuild
./build update

You can set the ModSecurity, ModSecurity Rules and OpenLitespeed Web Server options either by editing the options.conf file located at /usr/local/directadmin/custombuild/options.conf directly, or by running the following commands:

./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build set webserver openlitespeed

If you want to use the OWASP ModSecurity Ruleset instead of Comodo, use the following commands:

./build set modsecurity yes
./build set modsecurity_ruleset owasp
./build set webserver openlitespeed

Now we will start the installation of ModSecurity and OpenLitespeed Web Server using the following commands:

./build openlitespeed
./build modsecurity

Once the installation script has finished, your server will be set up to use OpenLitespeed as its web server, backed by the ModSecurity rules provided by Comodo, or by OWASP if you chose their ruleset.

If you had any existing domains on your server before changing to OpenLitespeed, we would always recommend that you rebuild the domain conf files. You can do this by using the following command:

./build rewrite_confs

CONFIGURE MODSECURITY

Now that ModSecurity has been successfully installed, we need to configure the ModSecurity settings to “On”. We do this by setting the directive “SecRequestBodyAccess On” in the httpd-modsecurity.conf file. However, if we edited this file directly it would be overwritten on any OpenLitespeed rebuild, so we need to make use of the OpenLitespeed custom templates built into DirectAdmin by using the following commands:

cd /usr/local/directadmin/custombuild/
mkdir -p custom/openlitespeed/conf
cp -p configure/openlitespeed/conf/httpd-modsecurity.conf custom/openlitespeed/conf/
perl -pi -e 's/SecRequestBodyAccess .*/SecRequestBodyAccess On/' custom/openlitespeed/conf/httpd-modsecurity.conf
./build rewrite_confs

DEACTIVATE COMODO PLUGIN

Comodo provides a plugin that you can access directly from the DirectAdmin dashboard. However, at present it does not work with OpenLitespeed, and we recommend that you deactivate the plugin. You can deactivate it using the following command:

perl -pi -e 's/active=yes/active=no/' /usr/local/directadmin/plugins/comodo_waf/plugin.conf

TEST MODSECURITY RULES

In order to test that your ModSecurity ruleset has been installed and activated correctly, you can use a simple modified URL query string with ?r=/etc/passwd appended to the end. Therefore, your URL request will look like http://www.domain.com/?r=/etc/passwd .

If everything has installed correctly you will get a 403 Forbidden Error page.
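
The two checks in this guide (the SecRequestBodyAccess setting in the custom template and the 403 test request) can be combined into one script. This is an added example, not part of the original guide or of custombuild; the function names are our own, and it assumes curl is installed and that you pass the base URL of a site hosted on this server. It also sends a plain request first, because a site that already returns 403 for every request would make the test meaningless.

```shell
#!/bin/sh
# Added example (not from the original guide): post-install checks.

# Print the effective value of a directive in a ModSecurity config file.
# Commented-out lines are ignored; the last occurrence wins.
modsec_directive() {    # $1 = directive name, $2 = config file
    awk -v d="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(d) { v = $2 }
        END { if (v != "") print v }' "$2"
}

# Return 0 only if the custom template exists and enables request body access.
check_template() {      # $1 = path to httpd-modsecurity.conf
    [ -f "$1" ] || { echo "missing: $1"; return 2; }
    val=$(modsec_directive SecRequestBodyAccess "$1")
    case "$val" in
        [Oo][Nn]) echo "ok: SecRequestBodyAccess $val"; return 0 ;;
        *) echo "fail: SecRequestBodyAccess is '${val:-unset}'"; return 1 ;;
    esac
}

# Interpret two HTTP status codes: a plain request and the guide's test request.
# A 403 on both says nothing about the WAF (the site may be forbidden anyway).
verdict() {             # $1 = baseline status, $2 = test-request status
    if [ "$2" != "403" ]; then echo "fail: test request returned $2"; return 1; fi
    if [ "$1" = "403" ]; then echo "inconclusive: baseline is also 403"; return 3; fi
    echo "ok: baseline $1, test request 403"
}

# Fetch both status codes from a site hosted on this server.
check_block() {         # $1 = base URL, e.g. http://www.domain.com
    base=$(curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1/") || return 2
    probe=$(curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1/?r=/etc/passwd") || return 2
    verdict "$base" "$probe"
}

# Run the checks only when a base URL is given on the command line.
if [ $# -ge 1 ]; then
    check_template /usr/local/directadmin/custombuild/custom/openlitespeed/conf/httpd-modsecurity.conf
    check_block "$1"
fi
```

Run it as root on the server with the site's base URL as the only argument; a non-zero exit status means one of the checks did not pass.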

VPSBasics


This guide was written by the VPS Basics editorial team, led by Gilberto Van Roosen. They are a unique blend of people who are dedicated to providing highly detailed, comprehensive and easy to follow tutorials, written in plain English. They specialise in tutorials for managing Linux servers, its software and WordPress.
