Install ModSec with OpenLiteSpeed & DirectAdmin

ModSecurity is an open-source, cross-platform web application firewall (WAF) engine developed by Trustwave’s SpiderLabs. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging, and real-time analysis.

In this guide, we will show you how to install ModSecurity with the Comodo rules on OpenLiteSpeed. The Comodo ModSecurity rules will be configured to fetch and install new rules automatically as soon as they become available. We have chosen the rules provided by Comodo because we have found they are the most compatible with the majority of web applications. However, if you do not want to use the Comodo rules, you can use the rules provided by OWASP instead.

To install ModSecurity, we will use the custombuild scripts from the command line. If you prefer, you can install it using the custombuild WebAdmin GUI in the DirectAdmin dashboard instead.

First, we need to ensure we have all the necessary files updated in custombuild using the following command:

cd /usr/local/directadmin/custombuild
./build update

You can set the ModSecurity, ModSecurity ruleset, and OpenLiteSpeed web server options either by editing the options.conf file located at /usr/local/directadmin/custombuild/options.conf directly, or by running the following commands:

./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build set webserver openlitespeed

If you want to use the OWASP ModSecurity ruleset instead of Comodo, use the following commands:

./build set modsecurity yes
./build set modsecurity_ruleset owasp
./build set webserver openlitespeed

Now we will start the installation of ModSecurity and the OpenLiteSpeed web server using the following commands:

./build openlitespeed
./build modsecurity

Once the installation script has finished, your server will be set up to use OpenLiteSpeed as its web server, backed by the ModSecurity rules provided by Comodo, or by OWASP if you selected their ruleset.

If you had any existing domains on your server before changing to OpenLiteSpeed, we always recommend that you rebuild the domain conf files. You can do this using the following command:

./build rewrite_confs

Configure ModSecurity

Now that ModSecurity has been successfully installed, we need to turn its request body access setting “On”. We do this by setting the directive “SecRequestBodyAccess On” in the httpd-modsecurity.conf file. However, if we edited this file directly, the change would be overwritten on any OpenLiteSpeed rebuild, so we need to make use of the OpenLiteSpeed custom templates built into DirectAdmin by using the following commands:

cd /usr/local/directadmin/custombuild/
mkdir -p custom/openlitespeed/conf
cp -p configure/openlitespeed/conf/httpd-modsecurity.conf custom/openlitespeed/conf/
perl -pi -e 's/SecRequestBodyAccess .*/SecRequestBodyAccess On/' custom/openlitespeed/conf/httpd-modsecurity.conf
./build rewrite_confs
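
The perl substitution above only rewrites a line that already exists, and it rewrites a commented-out line without uncommenting it, so it is worth confirming the result. The following check is an added example, not part of DirectAdmin or custombuild; the function names are hypothetical, and it assumes the last uncommented SecRequestBodyAccess line is the one that takes effect:

```shell
#!/bin/sh
# Added example (not DirectAdmin code). Function names are hypothetical.

# Print the effective SecRequestBodyAccess value in a config file.
# Assumption: the last uncommented occurrence is the one that applies.
effective_body_access() {
    awk '
        /^[ \t]*#/ { next }                        # ignore commented-out lines
        $1 == "SecRequestBodyAccess" { v = $2 }    # remember the latest value
        END { print (v == "" ? "missing" : v) }
    ' "$1"
}

# Return 0 only if the file exists and the effective value is exactly "On"
# (the value the perl command in this guide writes); 1 if not, 2 if no file.
check_body_access() {
    conf=$1
    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf not found" >&2
        return 2
    fi
    val=$(effective_body_access "$conf")
    case "$val" in
        On)      echo "OK: SecRequestBodyAccess On in $conf"; return 0 ;;
        missing) echo "FAIL: no active SecRequestBodyAccess line in $conf" >&2; return 1 ;;
        *)       echo "FAIL: SecRequestBodyAccess is $val in $conf" >&2; return 1 ;;
    esac
}

# Constructed sample: the directive is commented out, so the substitution
# would only turn the comment into "# SecRequestBodyAccess On".
demo=$(mktemp)
printf '%s\n' '# SecRequestBodyAccess On' 'SecRuleEngine On' > "$demo"
check_body_access "$demo" || echo "add an uncommented SecRequestBodyAccess On line"
rm -f "$demo"
```

On the server, call check_body_access on custom/openlitespeed/conf/httpd-modsecurity.conf from /usr/local/directadmin/custombuild/ after running the perl command.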

Deactivate Comodo Plugin

Comodo provides a plugin that you can access directly from the DirectAdmin dashboard. However, it does not currently work with OpenLiteSpeed, so we recommend that you deactivate the plugin. You can deactivate the plugin using the following command:

perl -pi -e 's/active=yes/active=no/' /usr/local/directadmin/plugins/comodo_waf/plugin.conf

Test ModSecurity Rules

To test that your ModSecurity ruleset has been installed and activated correctly, you can request a URL with the query string ?r=/etc/passwd appended to the end. Your URL request will look like http://www.domain.com/?r=/etc/passwd.

If everything has been installed correctly, you will get a 403 Forbidden error page.
