In Mod Security, the OWASP CRS 4.x have plugins (formerly "exclusion packages"). I'm trying to enable them in my custom modsecurity conf file for Custom Build. Since I'm using OpenLiteSpeed, this is the file:
/usr/local/directadmin/custombuild/custom/openlitespeed/conf/httpd-modsecurity.conf
According to the CRS documentation, it's as simple as creating a directory, and adding he rule files:
However, I don't know how to accomplish this using the Custom Build conf file (httpd-modsecurity.conf)
Has anyone installed OWASP CRS plugins in Directadmin?
/usr/local/directadmin/custombuild/custom/openlitespeed/conf/httpd-modsecurity.conf
According to the CRS documentation, it's as simple as creating a directory, and adding he rule files:
Code:
Include crs/crs-setup.conf
Include crs/plugins/*-config.conf
Include crs/plugins/*-before.conf
Include crs/rules/*.conf
Include crs/plugins/*-after.conf
However, I don't know how to accomplish this using the Custom Build conf file (httpd-modsecurity.conf)
Code:
# Default recommended configuration
SecRuleEngine On
SecRequestBodyAccess On
SecDefaultAction "phase:2,deny,log,status:406"
SecRequestBodyLimitAction ProcessPartial
SecResponseBodyLimitAction ProcessPartial
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecAuditLogFormat JSON
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
SecCollectionTimeout 600
SecDebugLog /var/log/httpd/modsec_debug.log
SecDebugLogLevel 0
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log
SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
SecTmpSaveUploadedFiles on
# ModSecurity Core Rules Set and Local configuration
Include /etc/modsecurity.d/*.conf.main
Include /etc/modsecurity.d/*.conf
Has anyone installed OWASP CRS plugins in Directadmin?