09 Jun

What is ModSecurity and How to Enable ModSecurity in DirectAdmin

Overview

With over 70% of all attacks now carried out over the web application level, organizations need every help they can get in making their systems secure. Besides ModSecurity antivirus can help to reduce malware. For linux server ClamAV/Maldet antivirus enough good. You can follow the post

“How to install ClamAV antivirus on DirectAdmin Linux server”

“How to install ClamAV antivirus on DirectAdmin Linux server and scan public_html folder”

Web application firewalls are deployed to establish an external security layer that increases the protection level, detects and prevents attacks before they reach web-based software programs.

ModSecurity is an open-source web-based firewall application (or WAF) supported by different web servers: Apache, Nginx and IIS.

Usage

The module is configured to protect web applications from various attacks. ModSecurity supports flexible rule engine to perform both simple and complex operations. It comes with a Core Rule Set (CRS) which has various rules for:

  • cross website scripting
  • bad user agents
  • SQL injection
  • trojans
  • session hijacking
  • other exploits

To enable ModSecurity:

cd /usr/local/directadmin/custombuild
./build set modsecurity yes
./build set modsecurity_ruleset owasp
./build modsecurity

Additionally you might need to run

For Apache:

./build apache
./build rewrite_confs

For nginx:

./build nginx
./build rewrite_confs

 

Leave a reply