Actions

Modules:ModSecurity-Installation

From OpenLiteSpeed Wiki

Revision as of 17:00, 11 January 2018 by Malegre (talk | contribs) (Filled in missing placeholder text.)


This wiki discusses how to add and configure OpenLiteSpeed's ModSecurity module. The ModSecurity module allows OpenLiteSpeed to use common mod_security rules to improve server security. For this guide, we assume you already have a working installation of OpenLiteSpeed 1.4.29 or greater. Module support was made available in version 1.3 but the ModSecurity module is only available and supported as of version 1.4.29. The ModSecurity module is not added to OpenLiteSpeed installations automatically and must be built.

Installing The LiteSpeed ModSecurity Module

Building The LiteSpeed ModSecurity Module

Download and install OpenLiteSpeed 1.4.29 or higher if you have not done so already

The ModSecurity Module is available as of OpenLiteSpeed version 1.4.29.


Add & Build The ModSecurity Module

Go into the ModSecurity Module directory /openlitespeed_download/src/modules/modsecurity-ls and run command make -f Makefile.f to get the latest version supported by OpenLiteSpeed. Do not use other versions of ModSecurity as they may not be supported. (The currently supported version of ModSecurity can be found in our release log.) 

cd /openlitespeed_download/src/modules/modsecurity-ls
make -f Makefile.f


All dependencies should be automatically handled in this step. If any problems are encountered at this stage, the module can be built manually by following the instructions here: [1]

Move The Compiled Module To The Modules Directory

cp modsecurity.so /usr/local/lsws/modules


Setting up module from httpd_config.conf

Instead of adding the ModSecurity module from the WebAdmin Console, you can also edit OpenliteSpeed's conf file directly from the command line and append the following content to "httpd_config.conf". Rules can be combined or listed out over multiple lines. 

module modsecurity {
modsecurity  on|off
modsecurity_rules `
            SecRuleEngine On
            SecRule ARGS "@streq whee" "id:10,phase:2"
            SecRule ARGS "@streq whee" "id:11,phase:2"
        `
modsecurity_rules_file          /rule/file/path
modsecurity_rules_remote  key      uri
 }


Notes:

  • The last occurrence of modsecurity on|off will be the one that takes effect.
  • It is recommended to use backticks ` (as shown above) to surround modsecurity_rules rules to avoid any possible issues with single and double quotes used in the rules themselves.
  • modsecurity_rules, modsecurity_rules_file, and modsecurity_rules_remote can mixed and used multiple times each if desired with all rules being combined.
Retrieved from "https://openlitespeed.org/mediawiki/index.php?title=Modules:ModSecurity-Installation&oldid=4184"