Support

grniyce · #1 06-24-2009, 02:51 PM

I haven't seen this thread accurately described on this site yet, so I'm going to do my best to explain exactly what I did to get this to work effectively on my server with the variety of regular sites, forum sites (vB, IPB, PHPbb, etc.), including ClamAV, while using cPanel WHM. Hopefully this helps all of you.

First thing to know is that the rules are default in nature, so if you think you can just follow the easy instructions and apply all of them and everything will work perfectly ---- it won't... You need to be able to tweak the rules for your environment. Because my server environment is so flexible in regards to the types of sites I host, I have tweaked some of these rules, and they now work excellently.

Ok first make these folders in /usr/local/apache:

Now open /usr/local/apache/conf/httpd.conf and add these Include lines and do not restart httpd yet:

Now download these rules which have been optimized as I stated above to work with LSWS in multiple environments without compromising security.

Click Here To Download The Optimized Mod_Security Rules

If a moderator / admin could attach these rules it would be helpful.

Now open the .zip file and go into each folder and simply drag and drop those files to their corresponding folders in /usr/local/apache (modsecurity or modsecurity.d).

NOW RESTART HTTPD

Everything should work fine for all environments. Keep in mind there is one file in here that you should remove IF YOU DO NOT HAVE CLAMAV installed on your server. Remove the 05_asl_scanner.conf file in the modsecurity.d folder or it could trigger errors.

Regards,

Ant

markb1439 · #2 02-02-2011, 10:39 PM

Are updated rules available?

mikegotroot · #3 02-12-2011, 04:16 PM

You can download up to date modsecurity rules from:

https://www.atomicorp.com/wiki/index...Security_Rules

Unfortunately, Litespeed does not currently support modsecurity 2.5.x (The latest version of modsecurity) rules, so none of the modern rulesets anyone publishes will load or work correctly with Litespeed :-(

http://www.litespeedtech.com/support...ht=modsecurity

As soon as litespeed supports the full 2.5.x ruleset, you will be able to use the same modsecurity rules Apache users enjoy. Right now, litespeed only support a subset of the features that the Apache modsecurity implementation provides.

So, if you want a WAF with Litespeed, you will either have to use older 1.9.x rules - which is not recommended, as no one publishes or maintains 1.9.x rules - as 1.9.x is neither supported nor maintained anymore and hasnt been for many years. Or hack up 2.5.x rules to ribbons, basically making them miss attacks and run much slower.

In short, the best bet is to encourage litespeed to fully support modsecurity 2.5.x. Once they can do that, then you can use the same rules that Apache users use now.