How to Install ModSecurity with OpenLiteSpeed and DirectAdmin

ModSecurity is an open source, cross platform web application firewall (WAF) engine developed by Trustwave’s SpiderLabs. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

In this guide we will show you how to install ModSecurity using Comodo Rules with OpenLitespeed. The Comodo ModSecurity rules will be configured to automatically fetch and install new rules as soon as they become available. We have chosen the rules provided by Comodo because we have found they are the most compatible with the majority of web applications. However, if you do not want to use the Comodo rules, you can use the rules provided by OWASP instead.

To install ModSecurity we will use the custombuild scripts from the command line. If you prefer, you can install it using the custombuild WebAdmin GUI in the DirectAdmin dashboard.

First we need to ensure that all the necessary files are up to date in custombuild using the following commands:

cd /usr/local/directadmin/custombuild
./build update

You can set the ModSecurity, ModSecurity ruleset and OpenLitespeed web server options either by editing the options.conf file located at /usr/local/directadmin/custombuild/options.conf directly, or by running the following commands:

./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build set webserver openlitespeed

If you want to use the OWASP ModSecurity ruleset instead of Comodo, use the following commands:

./build set modsecurity yes
./build set modsecurity_ruleset owasp
./build set webserver openlitespeed

Now we will start the installation of ModSecurity and OpenLitespeed Web Server using the following commands:

./build openlitespeed
./build modsecurity

Once the installation script has finished, your server will be set up to use OpenLitespeed as its web server, backed up with the ModSecurity rules provided by Comodo, or by OWASP if you have used their ruleset.

If you had existing domains on your server before changing to OpenLitespeed, we recommend that you rebuild the domain conf files. You can do this by using the following command:

./build rewrite_confs

Configure ModSecurity

Now that ModSecurity has been successfully installed, we need to switch its request body access setting to “On”, so that ModSecurity can inspect request bodies. We do this by setting the directive “SecRequestBodyAccess On” in the httpd-modsecurity.conf file. However, if we edited this file directly it would be overwritten on any OpenLitespeed rebuild, so we need to make use of the OpenLitespeed custom templates built into DirectAdmin by using the following commands:

cd /usr/local/directadmin/custombuild/
mkdir -p custom/openlitespeed/conf
cp -p configure/openlitespeed/conf/httpd-modsecurity.conf custom/openlitespeed/conf/
perl -pi -e 's/SecRequestBodyAccess .*/SecRequestBodyAccess On/' custom/openlitespeed/conf/httpd-modsecurity.conf
./build rewrite_confs
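
The perl substitution above changes nothing, and reports nothing, if the template has no SecRequestBodyAccess line or only a commented-out one. The following check is an added example, not part of the original guide or of custombuild; it reads the custom template path used above, and the function names are made up for illustration:

```bash
#!/bin/sh
# Added example: confirm the custom template really carries
# "SecRequestBodyAccess On" after the perl substitution.
# CONF is the custom template path from the guide's commands.
CONF="${CONF:-/usr/local/directadmin/custombuild/custom/openlitespeed/conf/httpd-modsecurity.conf}"

# Print the lower-cased value of the last uncommented occurrence of a
# directive, or nothing if the directive is not set in the file.
directive_value() {
    # $1 = file, $2 = directive name
    awk -v name="$2" '
        /^[[:space:]]*#/ { next }                        # skip comment lines
        tolower($1) == tolower(name) { val = tolower($2) }
        END { if (val != "") print val }
    ' "$1"
}

# Print a one-word verdict: on, off, absent or missing.
check_body_access() {
    file="$1"
    [ -r "$file" ] || { echo "missing"; return 2; }
    val=$(directive_value "$file" SecRequestBodyAccess)
    case "$val" in
        on) echo "on"; return 0 ;;
        "") echo "absent"; return 1 ;;
        *)  echo "off"; return 1 ;;
    esac
}

# Report on the real template; never abort the calling shell.
check_body_access "$CONF" || true
```

A verdict of "absent" means the line has to be added to the custom template by hand before running ./build rewrite_confs again.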

Deactivate Comodo Plugin

Comodo provides a plugin that you can access directly from the DirectAdmin dashboard. However, at present it does not work with OpenLitespeed, so we recommend that you deactivate the plugin. You can deactivate the plugin using the following command:

perl -pi -e 's/active=yes/active=no/' /usr/local/directadmin/plugins/comodo_waf/plugin.conf

Test ModSecurity Rules

In order to test that your ModSecurity ruleset has been installed and activated correctly, you can use a simple modified URL query string with ?r=/etc/passwd appended to the end. Therefore, your URL request will look like http://www.domain.com/?r=/etc/passwd.

If everything has installed correctly you will get a 403 Forbidden Error page.
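
The same test from the command line, as an added example that is not part of the original guide. It compares a plain request with the test request, so a site that refuses every request is not mistaken for a working ruleset, and it also accepts 406, the status reported in the reply in the comments on this page. SITE and the function names are assumptions; set SITE to your own server's URL.

```bash
#!/bin/sh
# Added example: compare a plain request with the guide's test request
# and report whether the ruleset is blocking it.

# HTTP status for a URL; curl prints 000 when no response was received.
http_status() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1"
}

# Turn the two status codes into a verdict.
# $1 = status of the plain request, $2 = status of the test request
waf_verdict() {
    base="$1"; probe="$2"
    if [ "$base" = 000 ] || [ "$probe" = 000 ]; then
        echo "unreachable"; return 0
    fi
    case "$base" in
        # The plain request is already refused, so a refused test
        # request proves nothing about the ruleset.
        403|406) echo "inconclusive"; return 0 ;;
    esac
    case "$probe" in
        403|406) echo "blocked" ;;      # the rule fired
        *)       echo "not-blocked" ;;  # the request reached the site
    esac
}

check_site() {
    site="${1%/}"                       # drop a trailing slash
    base=$(http_status "$site/")
    probe=$(http_status "$site/?r=/etc/passwd")
    echo "baseline=$base test=$probe verdict=$(waf_verdict "$base" "$probe")"
}

# SITE is a placeholder for your own server, e.g. SITE=http://www.domain.com
# Nothing is sent unless it is set.
if [ -n "${SITE:-}" ]; then
    check_site "$SITE"
fi
```

A verdict of "not-blocked" after a fresh install usually means the rebuild steps above need to be repeated or the ruleset is not loaded.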

By VPSBasics

This guide was written by the VPS Basics editorial team, led by Gilberto Van Roosen. They are a unique blend of people, dedicated to providing highly detailed, comprehensive and importantly easy to follow tutorials, written in plain English. They specialise in tutorials for managing Linux servers and its software.

2 Comments for How to Install ModSecurity with OpenLiteSpeed and DirectAdmin

Hi,
I’ve enabled/installed mod_security with owasp and followed all instructions step by step but there’s no success in the end. Almost all your tutorials are successful for me but don’t know what I’ve been missing here?

Example site – ** REMOVED WEBSITE ** to try if modsecurity is working. I checked and it is not returning 403 Forbidden error yet.

Waiting for your prompt response. If possible, help me via email.

Hi Ryan

I am glad that you are finding the tutorials beneficial to you, we do have many more lined up. I have just checked your example website using /?r=/etc/passwd and it returned a 406 Error – Not Acceptable which shows the mod_security module is installed and working correctly.

Kind Regards
VPSBasics
