Install ModSec with OpenLiteSpeed & DirectAdmin

ModSecurity is an open-source, cross-platform web application firewall (WAF) engine developed by Trustwave’s SpiderLabs. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging, and real-time analysis.

In this guide, we will show you how to install ModSecurity using Comodo Rules with OpenLitespeed. The Comodo ModSecurity rules will be configured to automatically fetch and install the new rules as soon as they become available. We have chosen to use the rules provided by Comodo as we have found they are most compatible with the majority of web applications. However, if you didn’t want to use Comodo rules you can instead use the rules provided by OWASP.

In order to install ModSecurity, we will be using the command line custombuild scripts. You can if you want to install using the custombuild WebAdmin GUI in the DirectAdmin dashboard.

First, we need to ensure we have all the necessary files updated in custombuild using the following command:

cd /usr/local/directadmin/custombuild
./build update

You can set ModSecurity, ModSecurity Rules, and OpenLitespeed Web Server options using the options.conf file directly located at /usr/local/directadmin/custombuild/options.conf or run the following commands:

./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build set webserver openlitespeed

If you wanted to use OWASP ModSecurity Ruleset instead of Comodo, you can use the following commands:

./build set modsecurity yes
./build set modsecurity_ruleset owasp
./build set webserver openlitespeed

Now we will start the installation of ModSecurity and OpenLitespeed Web Server using the following commands:

./build openlitespeed
./build modsecurity

Once the installation script has finished your server will be set up to use OpenLitespeed as its web server backed up with ModSecurity rules provided by Comodo or OWASP if you have used their ruleset.

If you have got any existing domains on your server before changing to OpenLitespeed we would always recommend that you rebuild the domain conf files. You can do this by using the following commands:

./build rewrite_confs

Configure ModSecurity

Now ModSecurity has been successfully installed we need to configure ModSecurity settings to “On”. We do this by adding the rules “SecRequestBodyAccess On” to the httpd-modsecurity.conf file. However, if we edited this file directly it would be overwritten on any OpenLitespeed rebuilds so therefore we need to make use of the OpenLitespeed custom templates built into DirectAdmin by using the following commands:

cd /usr/local/directadmin/custombuild/
mkdir -p custom/openlitespeed/conf
cp -p configure/openlitespeed/conf/httpd-modsecurity.conf custom/openlitespeed/conf/
perl -pi -e 's/SecRequestBodyAccess .*/SecRequestBodyAccess On/' custom/openlitespeed/conf/httpd-modsecurity.conf
./build rewrite_confs

Deactivate Comodo Plugin

Comodo provides a dashboard plugin that you can access directly from the DirectAdmin dashboard, however, at present it does not currently work with OpenLitespeed and we recommend that you deactivate the plugin from the dashboard. You can deactivate the plugin using the following command:

perl -pi -e 's/active=yes/active=no/' /usr/local/directadmin/plugins/comodo_waf/plugin.conf

Test ModSecurity Rules

In order to test that your ModSecurity ruleset has been installed and activated correctly, you can use a simple modified URL query string with ?r=/etc/passwd appended to the end. Therefore, your URL request will look like

If everything has installed correctly you will get a 403 Forbidden Error page.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to reinstall DirectAdmin in your web server?

Run the following commands to install: cd /usr/local/directadmin./directadmin i./directadmin p

How to install imagick with custombuild of DA?

Run the following command: cd /usr/local/directadmin/custombuild ./build update ./build...

The service ‘exim’ on server xxx is currently down

Rebuild your exim. cd /usr/local/directadmin/custombuild./build update./build set exim...

Change DA port to your choice where CSF installed

Here I will show you how to change the port from 2222 to 9999 in two steps. Step One:...

How to migrate cPanel account to DirectAdmin?

The cPanel conversion script currently only works for Admin Level restores. You must have to be...