Install ModSecurity Rules in Plesk Manually

Note!

Cannot upload custom ModSecurity ruleset in Plesk 12.5: No matches for the wildcard

This is a known bug, so the ruleset can only be installed manually: https://kb.plesk.com/en/128491

If you don't have ModSecurity enabled, first read the how-to on installing ModSecurity.

Installing

Create new file:

[root@plesk]# nano -w /root/malware_expert.conf

Add this content

# ASL Mod Security Template: /var/asl/data/templates/template-tortix_waf.conf
# NOTE(review): the /var/asl/... paths below come from the ASL template named
# above. Confirm each directory exists on the Plesk host and is writable by
# the web server user before enabling the ruleset.
 
# Rules are enforced (blocking mode), and request bodies are buffered so that
# rules can inspect POST data.
SecRuleEngine on
SecRequestBodyAccess On
# Default actions for phase 1 and phase 2 rules: deny with HTTP 406 and log.
SecDefaultAction "phase:1,deny,log,status:406"
SecDefaultAction "phase:2,deny,log,status:406"
# Warn instead of the default Abort: if the SecRemoteRules download at the end
# of this file fails, Apache still starts, but WITHOUT the remote rules.
# Watch the Apache error log for that warning after every (re)start.
SecRemoteRulesFailAction Warn
# ProcessPartial inspects only the part of a body that fits within the
# configured limit and passes the rest through uninspected. Reject is the
# stricter choice for request bodies. SecRequestBodyLimit itself is not set in
# this file, so the module default applies.
SecRequestBodyLimitAction ProcessPartial
SecResponseBodyLimitAction ProcessPartial
  
# Lifetime of persistent collection records, in seconds.
SecCollectionTimeout 600
 
# Replace the advertised server banner, and tag the ModSecurity signature with
# what looks like a ruleset build timestamp (assumption; confirm with vendor).
SecServerSignature "Apache"
SecComponentSignature 201611281557
# Directory where intercepted uploaded files are stored.
SecUploadDir /var/asl/data/suspicious
 
# Write uploaded files to disk temporarily so that rules can inspect them.
SecTmpSaveUploadedFiles on
 
# Audit-log only transactions that are flagged as relevant. The status filter,
# log type and log file below are left commented out, so those settings fall
# back to module or server defaults.
SecAuditEngine RelevantOnly
# SecAuditLogRelevantStatus "^(?:5|4(?!04))"
# SecAuditLogType Concurrent
# SecAuditLog /var/log/apache2//audit_log
# Audit log sections: A header, B request headers, I request body (without
# file contents), F response headers, H audit trailer, Z end marker.
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
# Maximum request body size held in memory, in bytes.
SecRequestBodyInMemoryLimit 131072
# Storage for persistent data (collections).
SecDataDir /var/asl/data/msa
# NOTE(review): /tmp is shared by every local user. A dedicated directory
# owned by the web server user is the safer place for ModSecurity temp files.
SecTmpDir /tmp
# Used by concurrent audit logging. SecAuditLogType is commented out above, so
# this may have no effect as written.
SecAuditLogStorageDir /var/asl/data/audit

# Repeats the SecResponseBodyLimitAction line above with the same value.
SecResponseBodyLimitAction ProcessPartial
# Per-client-IP caps on connections in the read and write states.
SecConnReadStateLimit 8096
SecConnWriteStateLimit 8096
# Maximum request body size excluding uploaded files, in bytes.
SecRequestBodyNoFilesLimit 1048576
# Repeats the SecRequestBodyInMemoryLimit line above with the same value.
SecRequestBodyInMemoryLimit 131072
 
# Mode for audit log directories: owner and group have full access.
SecAuditLogDirMode 0770
# PCRE match and recursion limits, which bound the work a single regular
# expression may do on one input.
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
# Treat a rule-processing error as a match rather than letting it pass.
SecInterceptOnError on
# Buffer response bodies so that outbound rules can inspect them.
SecResponseBodyAccess on

# RBL - DDOS protection - https://malware.expert/rbl-database/
# Chained rule: for every POST request, look the client address up in
# rbl.malware.expert and drop the connection if it is listed.
# - Each POST costs a DNS lookup, so a slow or unreachable resolver delays
#   POST handling.
# - noauditlog keeps these drops out of the audit log. Expect to rely on the
#   Apache error log when investigating a false positive.
# - NOTE(review): behind a reverse proxy or CDN, REMOTE_ADDR is presumably the
#   proxy's address, not the visitor's. Confirm before relying on this rule.
SecRule REQUEST_METHOD         "POST"          "id:'400010',phase:1,t:none,chain,drop,noauditlog,msg:'Malware host detected by rbl.malware.expert'"
SecRule REMOTE_ADDR            "@rbl rbl.malware.expert"

# Fetch the vendor ruleset over HTTPS when the configuration is loaded.
# SerialKey is a placeholder for the subscription key. Once filled in, this
# file contains a credential, so keep it readable by root only.
SecRemoteRules SerialKey https://rules.malware.expert/download.php?rules=generic

Note:

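Replace SerialKey in the SecRemoteRules line with your subscription serial key. The key is stored in plain text in this file, so keep the file readable only by root.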

Enable rules

# Work from /root so that the relative --archive-path below resolves to the
# malware_expert.conf file created earlier.
[root@plesk]# cd /root
# Install the file as the "custom" ruleset. --with-backup presumably keeps a
# copy of the currently installed ruleset; confirm in the Plesk documentation.
[root@plesk]# /usr/local/psa/admin/bin/modsecurity_ctl --install --with-backup --ruleset custom --archive-path malware_expert.conf
# Make "custom" the active ruleset.
[root@plesk]# /usr/local/psa/admin/bin/modsecurity_ctl --enable-ruleset --ruleset custom
# Syntax-check the Apache configuration. If this reports an error, fix it
# before running the next command.
[root@plesk]# /usr/local/psa/admin/bin/apache-config -t
# Reload Apache gracefully. Afterwards, check the Apache error log: with
# SecRemoteRulesFailAction Warn, a failed rules download only logs a warning
# and the server runs without the remote rules.
[root@plesk]# apachectl graceful