DirectAdmin Knowledge Base and Support

DirectAdmin is a web panel for a simple administration of both virtual and dedicated servers. DirectAdmin is faster, safe and more powerful than any other CP. And we know how to customize and support it.

How to manage ModSecurity with DirectAdmin

| 13:58:13 11.01.2012

If you decided to use Modsecurity on your server with DirectAdmin, there is sometimes a need to disable the module for a particular domain (virtual host). And here I'm going to describe how to achieve the desired.

We presume, you've got mod_security already installed and configured in you box, otherwise install it. A guide you will find with Google, for now I'm not going to describe this part.

Customization of HTTPD templates

Do not overwrite  VirtualHost templates in your custom directory, if you already have them there:

cd /usr/local/directadmin/data/templates
cp virtual_host2*.conf custom
cd custom

Details on how to use custom VirtualHost templates can be found here: http://help.directadmin.com/item.php?id=2

You should update all of the 4 files:

virtual_host2.conf
virtual_host2_secure.conf
virtual_host2_secure_sub.conf
virtual_host2_sub.conf

Put this line:

|?SEC_RULE_ENGINE=ON|

at the top of all the 4 files. 

Put this code

<IfModule mod_security2.c>
   SecRuleEngine |SEC_RULE_ENGINE|
</IfModule>

after line:

SuexecUserGroup |USER| |GROUP|

Save files and execute this command:

echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue

wait a minute or so.

Updating of Apache main configuration

Main ModSecurity configuration should come before line:

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

It would be the best choice to put directives into a head of the file /etc/httpd/conf/httpd.conf

ServerRoot "/etc/httpd"
Listen *:80

#LoadModule dummy_module /usr/lib/apache/mod_dummy.so
Include /etc/httpd/conf/extra/httpd-phpmodules.conf
Include /etc/httpd/conf/extra/httpd-custom-modsecurity.conf

User apache
Group apache

Now create  /etc/httpd/conf/extra/httpd-custom-modsecurity.conf and put there all directives for ModSecurity. In my particular I've got there  

LoadFile                        /usr/local/lib/libxml2.so
LoadModule security2_module     /usr/lib/apache/mod_security2.so
<IfModule mod_security2.c>
    Include /etc/modsecurity2/*.conf
    SecRuleEngine DetectionOnly
    #SecRuleEngine On
    SecDataDir /var/log/httpd/
    SecDebugLog /var/log/httpd/modsec-debug.log
    SecDebugLogLevel 2
</IfModule>

The order is very important here. You won't be able to disable ModSecurity for a VirtualHost if the order would be reverse. It means you should firstly enable ModSecurity globally, and then disable it for every particular domain.

Disabling ModSecurity for a VirtualHost

  1. Login into DirectAdmin as admin,
  2. Go to "Add Custom Httpd Configurations" page, 
  3. Select a desire domain
  4. Put code in a textarea:
    |?SEC_RULE_ENGINE=OFF|
  5. and save changes
  6. wait a minute or so and see results.

Notes

If you disable the module for a domain, ModSecurity will disabled and for all of its subdomains. To avoid it, you'll need to add a subdomain as a regular self-standing domain.

Want a plugin to manage it simpler?

Do you want a Plugin for DirectAdmin to manage ModSecurity in a simpler way? Do you want our assistance to install and configure ModSecurity on your server?

CONTACT US FOR DETAILS!

We're ready to help you!

Tags: directadmin ModSecurity How-To 
←  Directadmin + Exim + Dovecot + Sieve + Roundcube  | Start |  How to install a directadmin plugin  →
About Us
We are a team of professionals, and specialize in installation, configuring and managing of remote virtual and dedicated servers powered by Linux/Unix-like OS with DirectAdmin. We support various sets of software, including web-servers Apache, Nginx; internet domain name servers Bind, PowerDNS; mail-servers with POP3, IMAP and SMTP, FTP-servers, etc. After years of working through the most complex server challenges our team has gathered valuable experience and universal solutions suitable for everyday tasks. We are here to lend you a helping hand and take care of your servers in order to let you have enough time to do more of what you love.




SEE HOW WE CAN HELP!
All of the information and data on this site is for informational purposes only and is provided for the convenience of the user.
Powered by: Amiro.CMS - Free edition