Issue
DirectAdmin custom ModSecurity rule files disappear when our ruleset is updated or reinstalled.
Environment
- Imunify360
- DirectAdmin
- ModSecurity
Solution
The directories where custom rules may be saved on DirectAdmin servers have their contents overwritten when Imunify360's ruleset is removed and reinstalled.
To avoid this, create a separate directory for custom rules and include it in the web server configuration.
1. Create a directory for custom rules:
# mkdir /etc/custom_modsecurity.d/
2. Add a custom rule:
# cat /etc/custom_modsecurity.d/custom_rules.conf
SecRule REQUEST_URI "@pm test.php" "phase:1,id:880808,log,deny,status:403"
3. Include the directory in the web server's configuration:
# cat /etc/httpd/conf/extra/httpd-includes.conf
#For mod_proctitle settings
Include /etc/httpd/conf/extra/modproctitle.conf
#For LVE settings
Include /etc/httpd/conf/extra/modhostinglimits.conf
#For mod_lsphp settings
#Include /etc/httpd/conf/extra/mod_lsapi.conf
Include /etc/httpd/conf/extra/i360.remoteip.conf
<IfModule security2_module>
IncludeOptional /etc/custom_modsecurity.d/*.conf
</IfModule>
4. Restart the web server service:
# systemctl restart httpd
The httpd-includes.conf file is not overwritten by CustomBuild or the Imunify360 agent, so the custom rule stays included in the configuration and is loaded whenever security2_module is installed and available. The include survives removing and reinstalling the ruleset:
# httpd -t -D DUMP_INCLUDES | grep custom_rules
(9) /etc/custom_modsecurity.d/custom_rules.conf
# imunify360-agent uninstall-vendors
OK
# httpd -t -D DUMP_INCLUDES | grep custom_rules
(9) /etc/custom_modsecurity.d/custom_rules.conf
# imunify360-agent install-vendors
OK
# httpd -t -D DUMP_INCLUDES | grep custom_rules
(9) /etc/custom_modsecurity.d/custom_rules.conf
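The procedure above as a re-runnable script, added here as an example (not code from Imunify360 or DirectAdmin). The function names ensure_custom_include, missing_from_includes and check_live are hypothetical, and the paths default to the ones used in this article.

```shell
#!/bin/sh
# Added example: not Imunify360, DirectAdmin or CustomBuild code.
# Defaults are the paths used in the article; override them to test elsewhere.
RULES_DIR="${RULES_DIR:-/etc/custom_modsecurity.d}"
INCLUDES_FILE="${INCLUDES_FILE:-/etc/httpd/conf/extra/httpd-includes.conf}"

# Steps 1 and 3: create the directory and add the IfModule block, but only if
# no active (uncommented) IncludeOptional line for RULES_DIR exists already.
ensure_custom_include() {
    mkdir -p "$RULES_DIR" || return 1
    if grep -v '^[[:space:]]*#' "$INCLUDES_FILE" 2>/dev/null |
        grep -Fq "IncludeOptional $RULES_DIR/*.conf"; then
        return 0
    fi
    # Do not glue the block onto a last line that lacks a trailing newline.
    if [ -s "$INCLUDES_FILE" ] && [ -n "$(tail -c 1 "$INCLUDES_FILE")" ]; then
        echo >> "$INCLUDES_FILE"
    fi
    printf '<IfModule security2_module>\nIncludeOptional %s/*.conf\n</IfModule>\n' \
        "$RULES_DIR" >> "$INCLUDES_FILE"
}

# Reads `httpd -t -D DUMP_INCLUDES` output on stdin (lines such as
# "(9) /etc/custom_modsecurity.d/custom_rules.conf") and prints every *.conf
# file in RULES_DIR that Apache did not load. Returns 1 if any is missing.
missing_from_includes() {
    dump=$(cat)
    rc=0
    for f in "$RULES_DIR"/*.conf; do
        [ -e "$f" ] || continue
        if ! printf '%s\n' "$dump" |
            awk -v f="$f" '$NF == f { found = 1 } END { exit !found }'; then
            printf '%s\n' "$f"
            rc=1
        fi
    done
    return "$rc"
}

# On the server: syntax-check first so a broken custom rule is caught before
# the restart in step 4, then confirm every custom rule file is included.
check_live() {
    httpd -t || return 1
    httpd -t -D DUMP_INCLUDES 2>/dev/null | missing_from_includes
}
```

Run ensure_custom_include once, place rule files in the directory, then run check_live before restarting httpd and again after any ruleset reinstall.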