CustomBuild – options.conf
Go to Custombuild folder ( /usr/local/directadmin/custombuild ) and Change options.conf file
modsecurity=yes modsecurity_ruleset=none
Configuration file – malware_expert.conf
Generate custom folder first, where we put malware_expert.conf configuration file:
[root@directadmin]# cd /usr/local/directadmin/custombuild [root@directadmin]# mkdir custom [root@directadmin]# mkdir custom/modsecurity [root@directadmin]# mkdir custom/modsecurity/conf
Add new file malware_expert.conf to custom/modsecurity/conf folder:
[root@directadmin]# nano -w /usr/local/directadmin/custombuild/custom/modsecurity/conf/malware_expert.conf
Add line to file and replace SerialKey with your subscription serial key!
SecRemoteRules SerialKey https://rules.malware.expert/download.php?rules=generic
NOTE! Make sure you update custombuild:
[root@directadmin]# ./build modsecurity_rules
ModSecurity is built-in with LiteSpeed, there is no need to install it. ModSecurity has been installed successfully. Copying custom ModSecurity rules to /etc/modsecurity.d/... Installation of ModSecurity Rule Set has been finished.
and check that custombuild add malware_expert.conf file to /etc/modsecurity.d/ folder
Litespeed
Go to LiteSpeed Web Server Administrator panel:
Litespeed – Configuration – Server
Go to Security tab:
Go to bottom page: Web Application Firewall (WAF) and edit:
Litespeed – Configuration – Manual fix
Check out /etc/httpd/conf/httpd.conf configuration file, if there missing this Include:
# ModSecurity to LiteSpeed (need manually add to bottom of file) Include conf/extra/httpd-modsecurity.conf
Litespeed – Restart
Restart LiteSpeed Web Server in Admin panel:
Testing rules
In /var/log/httpd/error_log file you should see:
2017-09-29 07:35:39.977 [INFO] Processing config file: /etc/httpd/conf/extra/httpd-modsecurity.conf 2017-09-29 07:35:39.977 [INFO] Processing config directory: /etc/modsecurity.d
If you but server address or ip in web browser:
http://fqdn.server.address/?malware_expert_test_rule
Refresh page twice, because LiteSpeed load rules after first request (feature, not bug).