ModSecurity

Note

ModSecurity support is only available on CentOS7/CloudLinux7 and use ModSecurity V3 and LibModSecurity

Note

ModSecurity v3 is beta software under active development and has rough edges including known memory leaks. As of now we do recommend enabling mod_sec v3 on few domains only. enabling for all vhost may affect server stability

Install ModSecurity

yum --enablerepo=ndeploy install nginx-nDeploy-module-modsecurity

Once installed ModSecurity can be turned on/off for a domain from the Xtendweb cPanel user interface under “Application Settings”

Commercial Mod Security rules specifically crafted for web hosting servers

XtendWeb support commercial mod_security rules for its Mod_security V3 from https://malware.expert/

How to enable malware.expert

Edit /etc/nginx/conf.d/modsecurity.conf and towards the end of the file comment out the OWASP Core rules and uncomment malware.expert rules Replace XXXXXXX with the actual serial key you obtain from malware.expert

Edit /etc/nginx/conf.d/modsecurity.conf and towards the end of the file

############## XtendWeb ModSecv3 Rules Setup ########################
# Include OWASP crs core ruleset
# Include /etc/nginx/owasp-modsecurity-crs/crs-setup.conf
# Include /etc/nginx/owasp-modsecurity-crs/rules/*.conf

# Include commercial rules from https://malware.expert/
# Comment out OWASP rules and enable line below
SecRemoteRules XXXXXXX https://rules.malware.expert/download.php?rules=generic
#####################################################################

Ensure the config loads fine

nginx -t
nginx -s reload