As of now you can use OpenLiteSpeed with ModSecurity and ruleset from Comodo on a DirectAdmin server. Here are instructions on how to install and enable it.
All the installation steps should be done in a server console.
First we change directory and update the custombuild script to make sure it will use actual versions:
cd /usr/local/directadmin/custombuild ./build update
Then we change options
./build set modsecurity yes ./build set modsecurity_ruleset comodo ./build set webserver openlitespeed
And finally we start an installation:
./build openlitespeed ./build modsecurity
As soon as the installation completes we will need to update settings.
In order to get the ModSecurity to work we need to set "SecRequestBodyAccess On", here is how can we do it on a DirectAdmin server without a risk to loose customization:
cd /usr/local/directadmin/custombuild/ mkdir -p custom/openlitespeed/conf cp -p configure/openlitespeed/conf/httpd-modsecurity.conf custom/openlitespeed/conf/ perl -pi -e 's/SecRequestBodyAccess .*/SecRequestBodyAccess On/' custom/openlitespeed/conf/httpd-modsecurity.conf ./build rewrite_confs
A first start might fail with the following error: 'SecDefaultActions can only be placed once per phase and configuration context'.
Here is a fix:
cd /usr/local/directadmin/custombuild/ perl -pi -e 's/^SecDefaultAction /#SecDefaultAction /' custom/openlitespeed/conf/httpd-modsecurity.conf ./build rewrite_confs
We should disable DirectAdmin Comodo WAF plugin which gets installed with the installation of ModSecurity.
Run the following command as root:
perl -pi -e 's/active=yes/active=no/' /usr/local/directadmin/plugins/comodo_waf/plugin.conf
The plugin does not currently support OpenLiteSpeed, hence it might only confuse administrators.
A simple way to test the installation and make sure it is working is to open any site from a server with newly installed OpenLiteSpeed+ModSecurity by a modified URL with ?r=/etc/passwd query string, for example:
Replace www.example.net with your real domain name. If the setup is correct you will get a 403 error: