mod_security does not enable when using custombuild? nginx_apache

MaXi32

I use nginx_apache for my server and I installed mod_security using this guide: https://malware.expert/howto/install-modsecurity-directadmin-custombuild-2-x/ but I use only the Comodo rules.

In this file, /etc/httpd/conf/extra/httpd-modsecurity.conf, I got the following commented LoadFile and LoadModule lines:

Code:
#LoadFile /usr/local/lib/libxml2.so
#LoadModule security2_module /usr/lib/apache/mod_security2.so
...
...
...

I can see that there is also a custom mod_security file in /usr/local/directadmin/custombuild/custom/ap2/conf/extra/httpd-modsecurity.conf, and the first 2 lines are not commented. The content is as follows:

Code:
LoadFile /usr/local/lib/libxml2.so
LoadModule security2_module /usr/lib/apache/mod_security2.so
<IfModule mod_security2.c>
    # Default recommended configuration
    SecRuleEngine On
    SecRequestBodyAccess On
    SecDefaultAction "phase:2,deny,log,status:406"
    SecRequestBodyLimitAction ProcessPartial
    SecResponseBodyLimitAction ProcessPartial
    SecRequestBodyLimit 13107200
    SecRequestBodyNoFilesLimit 131072

    SecPcreMatchLimit 250000
    SecPcreMatchLimitRecursion 250000

    SecCollectionTimeout 600

    SecDebugLog /var/log/httpd/modsec_debug.log
    SecDebugLogLevel 0
    SecAuditEngine RelevantOnly

    <IfModule mod_ruid2.c>
        SecAuditLogDirMode 1733
        SecAuditLogFileMode 0550
        SecAuditLogType Concurrent
        SecAuditLogStorageDir /var/log/modsec_audit
    </IfModule>
    SecAuditLog /var/log/httpd/modsec_audit.log
    SecUploadDir /tmp
    SecTmpDir /tmp
    SecDataDir /tmp
    SecTmpSaveUploadedFiles on

    # ModSecurity Core Rules Set and Local configuration
    IncludeOptional /etc/modsecurity.d/*.conf.main
    IncludeOptional /etc/modsecurity.d/*.conf
</IfModule>

Whenever I run

Code:
./build rewrite_confs
./build modsecurity_rules

I thought the file in /etc/httpd/conf/extra/httpd-modsecurity.conf would get replaced by /usr/local/directadmin/custombuild/custom/ap2/conf/extra/httpd-modsecurity.conf, but the 2 lines are still commented even if I manually change it. Why is that so?

System details:

I use the nginx_apache reverse proxy, and I read that modsecurity is compatible with nginx. https://forum.directadmin.com/threa...t-start-due-to-mod_security.61427/post-315229

Compiled on: CentOS 8.0 64-Bit
Compile Date: Jun 8 2020, 18:53:38
Server Version: 1.61.3
Current Available Version: 1.61.3
Last Updated: Tue Jun 9 15:24:14 2020
Last Restart: Fri Jun 19 03:53:46 2020
ModSecurity doesn't need to be loaded on nginx and apache, as this would be too redundant. You have it loaded on the nginx side, as it's the one receiving requests first :)
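
A quick way to confirm which tier actually enforces ModSecurity, so a commented LoadModule on the Apache side is not mistaken for "no WAF at all". This is an added example, not part of the thread and not DirectAdmin's own code. It assumes the nginx build uses the ModSecurity-nginx connector's `modsecurity on;` directive; the function names and the sample config files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not DirectAdmin code): which tier of nginx_apache enforces ModSecurity?

# Apache side: is the security2_module LoadModule line active, commented or absent?
apache_modsec_state() {
    if grep -Eq '^[[:space:]]*LoadModule[[:space:]]+security2_module' "$1"; then
        echo active
    elif grep -Eq '^[[:space:]]*#+[[:space:]]*LoadModule[[:space:]]+security2_module' "$1"; then
        echo commented
    else
        echo absent
    fi
}

# nginx side: look for an uncommented "modsecurity on;" (ModSecurity-nginx connector).
# Assumption: the nginx build uses that connector; the thread does not show the nginx config.
nginx_modsec_state() {
    if grep -Eq '^[[:space:]]*modsecurity[[:space:]]+on[[:space:]]*;' "$1"; then
        echo on
    else
        echo off
    fi
}

# Combine both: "none" means requests reach the site with no WAF in front of them.
waf_tier() {
    case "$(nginx_modsec_state "$2")/$(apache_modsec_state "$1")" in
        on/active)  echo both ;;
        on/*)       echo nginx ;;
        off/active) echo apache ;;
        *)          echo none ;;
    esac
}

# Constructed sample configs: Apache lines as quoted in the post, nginx line assumed.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '#LoadFile /usr/local/lib/libxml2.so' \
        '#LoadModule security2_module /usr/lib/apache/mod_security2.so' > "$tmp/httpd-modsecurity.conf"
    printf '%s\n' 'server {' '    modsecurity on;' '}' > "$tmp/nginx-modsecurity.conf"
    waf_tier "$tmp/httpd-modsecurity.conf" "$tmp/nginx-modsecurity.conf"
    rm -rf "$tmp"
}

demo
```

On a live server, call `waf_tier` with /etc/httpd/conf/extra/httpd-modsecurity.conf and the nginx config file that carries the ModSecurity directives; a result of `none` is the case to investigate.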