Need Help With Installing & Configuring ModSecurity in DirectAdmin

[sainikbiswas]

Hello everyone, I am new to DirectAdmin and recently switched over from Cpanel around 2 weeks back. I have configured Apache With Nginx as Reverse Proxy as my Web Server using CustomBuild 2.0. For PHP the handler is set to PHP-FPM. I am running the latest version of DA.

What I wanted to know is in 3 parts?

1> How do I install mod security using Custombuild 2.0?
2> Which ruleset should be preferred the Comodo or the OWASP CRS? How do I set that?
3> Is there an option to disable or filter mod security rules from the User Interface?

Finally, I would like to thank the Direct Admin Team for maintaining an awesome documentation at help.directadmin.com and Alex for help.poralix.com. If not for both of this resources, I would not know how to setup DirectAdmin.

 

[wattie]

edit /usr/local/directadmin/custombuild/options.conf and see the options:

modsecurity=no
modsecurity_ruleset=comodo

Change the first one to "yes" and choose whatever you want the second one to be. Then rebuild.

 

[sainikbiswas]

edit /usr/local/directadmin/custombuild/options.conf and see the options:

modsecurity=no
modsecurity_ruleset=comodo

Change the first one to "yes" and choose whatever you want the second one to be. Then rebuild.

Thanks a lot. It is working.

 

[johannes]

@2>: i`m using comodo ruleset for years and all few monthes i take a customer domain out of the list, because it blocks something wrong (aka "false positive"). I have no time to check all rulesets and changes ongoing and manually. I heard that OWASP may could be better, but have no experience with it. Any other experiences here in the community, hey readers, whats better?

@3>: In case you go with Comodo, you install the CWAF 2.24.5 DA-plugin and get an UI inside DA (with include/exclude usersdomains, as also with lots of good grouped ruleset-definitions. Well, its good and its a lot. But it does sometimes false positives, which you can manually kickout, if you take the time.

tabs in CWAF for me:
"Security Engine" -> disable domains
"Userdata" -> custom rules, standard behaviours, white-/blacklists..
"Catalog" -> yeah here goes a lot of time
"Protection Wizard" -> good imprinting for inital rulesets, to not load what isnt necessary.

 

[sainikbiswas]

@2>: i`m using comodo ruleset for years and all few monthes i take a customer domain out of the list, because it blocks something wrong (aka "false positive"). I have no time to check all rulesets and changes ongoing and manually. I heard that OWASP may could be better, but have no experience with it. Any other experiences here in the community, hey readers, whats better?

@3>: In case you go with Comodo, you install the CWAF 2.24.5 DA-plugin and get an UI inside DA (with include/exclude usersdomains, as also with lots of good grouped ruleset-definitions. Well, its good and its a lot. But it does sometimes false positives, which you can manually kickout, if you take the time.

tabs in CWAF for me:
"Security Engine" -> disable domains
"Userdata" -> custom rules, standard behaviours, white-/blacklists..
"Catalog" -> yeah here goes a lot of time
"Protection Wizard" -> good imprinting for inital rulesets, to not load what isnt necessary.

Thanks so much Johannes. This was exactly what I was looking for. And you are absolutely correct. If false positives are triggered for any domains we can filter those rules out if necessary from the interface like you pointed out. Thank you so much for helping out and answering the questions.