Issue
How to add custom ModSecurity rules on server with Imunify360 and different control panels.
Environment
- Imunify360
- ModSecurity
- WHM/cPanel
- Directadmin
- Plesk
- Any supported OS.
Solution
WHM/cPanel.
- Go to WHM >> Home >> Security Center >> ModSecurity™ Tools
- To add a rule, perform the following steps:
- Click Add Rule. A new interface will display.
- Enter the rule in the Rule Text text box.
- Select the Enable Rule checkbox to enable the rule while deploying configuration
- To deploy the rule and restart Apache immediately, select the Deploy and Restart Apache checkbox.
- Click Save.
Plesk.
- Go to Tools & Settings > Web Application Firewall (ModSecurity) -> Settings
- Add rule and apply the configuration. The custom rules will be saved to /etc/httpd/conf/plesk.conf.d/modsecurity.conf
Directadmin.
-
Create a directory for custom rules.
-
Add custom rules to the directory.
-
Include directory in webserver's configuration file /etc/httpd/conf/extra/httpd-includes.conf.
-
Restart webserver service.
File httpd-includes.conf will not be overwriten by custombuild or Imunify360 agent, and custom rule will always be included in configuration and will be loaded if security2_module installed and available.
[root@directadmin]# mkdir /etc/custom_modsecurity.d/
[root@directadmin]# cat /etc/custom_modsecurity.d/custom_rules.conf
SecRule REQUEST_URI "@pm test.php" "phase:1,id:880808,log,deny,status:403"
[root@directadmin]# cat /etc/httpd/conf/extra/httpd-includes.conf
...
Include /etc/httpd/conf/extra/i360.remoteip.conf
<IfModule security2_module>
IncludeOptional /etc/custom_modsecurity.d/*.conf
</IfModule>
[root@directadmin]# systemctl restart httpd
[root@directadmin]# # httpd -t -D DUMP_INCLUDES | grep custom_rules
(9) /etc/custom_modsecurity.d/custom_rules.conf
Stand-alone Imunify360.
In Stand Alone im360 rules are included in /etc/sysconfig/imunify360/generic/modsec.conf via IncludeOptional "/var/imunify360/modsec/generic/rules/*.conf" directive:
cat /etc/sysconfig/imunify360/generic/modsec.conf
<IfModule security2_module>
IncludeOptional "/var/imunify360/modsec/generic/rules/*.conf"
IncludeOptional "/etc/sysconfig/imunify360/generic/global_disabled_rules.conf"
</IfModule>
Include /etc/sysconfig/imunify360/generic/modsec2.imunify.conf
Сustom conf files could be placed to /etc/httpd/conf.d/ or etc. with the following web server restart to apply the rules.
Comments
0 comments
Please sign in to leave a comment.