Imunify360 Blog - How to set up WAF rulesets on hosting panels to get complete security from Imunify360
Imunify360 and Imunify Sensor Blog

How to set up WAF rulesets on hosting panels to get complete security from Imunify360

ModSecurity, the open-source web application firewall, is important software for Imunify360. It provides the following features:

  • Web application firewall.
  • Malware scanning of files uploaded via the web.

Since Imunify360 version 3.6, ModSecurity is installed automatically only on DirectAdmin and Plesk. On some hosting panels, rulesets from third-party ModSecurity vendors (for example, OWASP or Comodo) may also be installed. These rulesets can generate a large number of false positives and may duplicate Imunify360's rulesets.

In this article, we will show how to install ModSecurity for Imunify360, and how to disable other third-party ModSecurity vendors on different hosting panels.

Installation

  1. Install ModSecurity using the official hosting panel documentation.
  2. If ModSecurity is installed after installing Imunify360, it is important to execute the following command (for cPanel/Plesk) to add ModSecurity rulesets to Imunify360:
    imunify360-agent install-vendors
  3. If ModSecurity is installed prior to installing Imunify360, the rules will be installed automatically.

ModSecurity Specific Settings

cPanel
The recommended ModSecurity settings for cPanel are:

  • Audit Log Level — Only log noteworthy transactions
  • Connections Engine — Do not process the rules
  • Rules Engine — Process the rules

Plesk
The recommended ModSecurity settings for Plesk are:

  • Web application firewall mode — On

DirectAdmin
During installation on DirectAdmin, Imunify360 will try to install ModSecurity automatically using custombuild 2.0.
Note that automatic installation of the Imunify360 ruleset is only supported with custombuild 2.0.

Disabling third-party ModSecurity vendors

cPanel
Go to the ModSecurity Vendors section of the cPanel main menu, and switch OFF all enabled vendors except the Imunify360 ruleset.

If there is no Imunify360 ruleset installed, run the command:

imunify360-agent install-vendors

Plesk
To check if an Imunify360 ruleset is installed, run the following as root:

# plesk sbin modsecurity_ctl -L --enabled
imunify360-full-apache

If the output does not contain the string imunify360, for example,

# plesk sbin modsecurity_ctl -L --enabled
tortix

remove the existing ruleset and install the Imunify360 one as follows:

# plesk sbin modsecurity_ctl --disable-all-rules --ruleset tortix
# plesk sbin modsecurity_ctl --uninstall --ruleset tortix
# plesk sbin modsecurity_ctl -L --enabled
# imunify360-agent install-vendors
INFO    [+ 3785ms]   defence360agent.simple_rpc|Executing ('install-vendors',), params: {}
INFO    [+ 8781ms]   defence360agent.subsys.panels.plesk.mod_security|Successfully installed vendor 'imunify360-full-apache'.
INFO    [+ 8782ms]   defence360agent.subsys.web_server|Performing web_server graceful restart
OK
# plesk sbin modsecurity_ctl -L --enabled
imunify360-full-apache
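
The check above (does the enabled-ruleset listing contain the string imunify360?) can be scripted for use across several Plesk servers. This is an added example, not Imunify360 or Plesk code; the function name audit_rulesets and its exit codes are assumptions, and it assumes one ruleset name per line, as in the output shown above.

```shell
#!/bin/sh
# Added example: classify the listing printed by
#   plesk sbin modsecurity_ctl -L --enabled
# The listing is read from stdin so the logic can be exercised offline.
#
# Exit status (hypothetical convention chosen for this example):
#   0 = only Imunify360 ruleset(s) enabled
#   1 = no Imunify360 ruleset enabled (install-vendors is needed)
#   2 = Imunify360 enabled, but a third-party ruleset is enabled too
audit_rulesets() {
    have_i360=0
    third_party=""
    # "|| [ -n "$line" ]" keeps a final line that lacks a trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        name=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -n "$name" ] || continue          # skip blank lines
        case "$name" in
            *imunify360*) have_i360=1 ;;    # same test as the article: contains "imunify360"
            *) third_party="$third_party $name" ;;
        esac
    done
    # Report every non-Imunify360 ruleset; these are the ones to disable.
    for r in $third_party; do
        echo "third-party ruleset enabled: $r"
    done
    if [ "$have_i360" -eq 0 ]; then
        echo "imunify360 ruleset not enabled"
        return 1
    fi
    [ -z "$third_party" ] || return 2
    echo "ok: only imunify360 ruleset enabled"
    return 0
}

# Constructed sample listing, matching the "tortix" case shown above.
# On a real server, pipe the command's output in instead:
#   plesk sbin modsecurity_ctl -L --enabled | audit_rulesets
printf 'tortix\n' | audit_rulesets || echo "exit status: $?"
```

A non-zero status from a monitoring job indicates that the ruleset removal and install-vendors steps shown above still need to be run on that server.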

You can find complete instructions in our Imunify360 documentation, and soon in the Support Knowledge Base.
