What are the mod_security rule sets that are compatible with DirectAdmin?

smhnaji (Verified User; joined Mar 28, 2013; 24 messages)
I have found some free sets of mod_security rules on the net. For example: http://static.askapache.com/httpd/m...he_2.1.4/rules/modsecurity_crs_10_config.conf (I changed its name to something else)

But when I add it beside the current modsecurity_crs_10_config (that is listed below), it doesn't load the websites (I don't know why).
Code:
#SecRuleEngine DetectionOnly
SecRuleEngine On
SecDataDir /var/log/httpd/
SecDebugLog /var/log/httpd/modsec-debug.log
SecDebugLogLevel 1

Another one that I have found is https://github.com/SpiderLabs/ModSecurity/blob/master/modsecurity.conf-recommended, but I haven't yet tested it.

Anyway unfortunately there isn't a good tutorial about mod_security version 2 and only its useful directives.

++++++

On the other hand, a very rich set of rules that I've found is the OWASP mod_security CRS at https://github.com/SpiderLabs/owasp-modsecurity-crs

Taking a look at the official installation guide, they have said
1) The modsecurity_crs_10_config.conf includes management rules and directives
that can control important CRS functions. Pay attention to
the SecRuleEngine setting (On by default) and that the SecDefaultAction
directive is set to "pass". The 49 inbound blocking and 59 outbound blocking
rules files use the "block" action which
inherits this setting. This effectively means that you can toggle the
SecDefaultAction setting to decide if you would like to deny on an
anomaly scoring/correlation match.

But their recommended modsecurity_crs_10_config.conf doesn't have the SecRuleEngine setting On at all!

Also, there is not a clear installation guide. It's very hard to understand.

Someone please help me to increase my server security. I have been hacked 3 times, and had 2 DDoS attacks in the past week, one of which was very hard.

Thank you
 
I renamed it to modsecurity_crs_10_config_that_i_got_from_internet.conf and let it be a neighbor of the main modsecurity_crs_10_config, and they are not giving any error and the pages are loaded.

But they don't seem to be perfect in comparison to OWASP mod_security CRS.

Now I wanna know the really good way to go with OWASP mod_security CRS because they look very strong.
Do they have any problem with DirectAdmin? What rules are more necessary? Is there any problem if I enable ALL the rules on a shared hosting server where a lot of people have Joomla and WordPress?

Please tell me what more should I do to get the most of mod_security?

Thank you
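
Added example (not from the thread, DirectAdmin or the ModSecurity project): a small Python check for the situation in the two posts above, where a second modsecurity_crs_10_config file sits beside the main one. It lists server-wide directives that the files set to different values and rule ids that appear more than once; the second file's contents and the short directive list are constructed assumptions.

```python
import re
from collections import defaultdict

# Settings that normally appear once per server. Assumption: this short list
# covers the directives quoted in the thread, not every ModSecurity directive.
SINGLETONS = {"secruleengine", "secdatadir", "secdebuglog", "secdebugloglevel"}
ID_RE = re.compile(r"\bid:'?(\d+)")

def directives(text):
    """Yield (directive, args) per logical line; comments dropped, '\\' joined."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")

def audit(files):
    """files maps name -> config text; returns (conflicts, duplicate_ids)."""
    seen, ids = defaultdict(list), defaultdict(list)
    for name in sorted(files):  # Apache reads wildcard Includes alphabetically
        for key, args in directives(files[name]):
            if key == "secdefaultaction":  # one default per phase (2 if unset)
                m = re.search(r"phase:(\d)", args)
                key += ":phase" + (m.group(1) if m else "2")
            if key in SINGLETONS or ":" in key:
                seen[key].append((name, args))
            elif key in ("secrule", "secaction"):
                # ModSecurity 2.7.0 and later refuse to start on a repeated rule id
                for rule_id in ID_RE.findall(args):
                    ids[rule_id].append(name)
    conflicts = {k: v for k, v in seen.items() if len({a for _, a in v}) > 1}
    return conflicts, {k: v for k, v in ids.items() if len(v) > 1}

# Constructed sample: the first file is the config posted above, the second is made up.
SAMPLE = {
    "modsecurity_crs_10_config.conf": """#SecRuleEngine DetectionOnly
SecRuleEngine On
SecDataDir /var/log/httpd/
SecDebugLog /var/log/httpd/modsec-debug.log
SecDebugLogLevel 1
""",
    "modsecurity_crs_10_config_that_i_got_from_internet.conf": """SecRuleEngine DetectionOnly
SecDefaultAction "phase:2,pass,log"
SecAction "phase:1,id:'900001',nolog,pass, \\
  setvar:tx.inbound_anomaly_score_level=5"
SecRule REQUEST_URI "@contains /example" "phase:1,id:'900001',pass,nolog"
""",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against the real contents of the rules directory by filling the dictionary from the files on disk; anything it reports is a candidate for manual review, not a confirmed cause.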
 
Hello and thank you for your answer, but it doesn't work:
Code:
# ./update.script MODsecurity2Apache2Rules

Download Modsecurity Rules here http://www.modsecurity.org/
Thank you
 
We personally use
# Core ModSecurity Rule - Updated B Wael Isa <web4host.net> 2008
with sql_injection_attacks.conf and a whitelist.conf if anything breaks for a client so we can filter directories.
 
Thank you for your personal experience.

1. Would you please write down those rules? Or provide a link.
2. I have found some WP specific rules. Are there also some Joomla specific rules? Joomla websites are hardly been hacked and whenever one is hacked, the other Joomla websites are hacked one after the other. It's a very important problem for me.
 