Hosting Panels Firewall Rulsets Specific Settings

Navigation:  »No topics above this level«

Hosting Panels Firewall Rulsets Specific Settings

Previous pageReturn to chapter overviewNext page

This section includes specific settings for each hosting panel that Imunify360 supports. It is important to follow these instructions to setup Imunify360 plugin properly.


Note. mod_security, the important software for Imunify360, is not installed automatically during Imunify360 installation process. Without mod_security, Imunify360 will lack the following features:


Web application firewall.

Malware scanning of files uploaded using web.


Mod_security installation process is specific for different panels.


Find the official cPanel documentation on the link:


Find the official Plesk documentation on the link:


Important! If mod_security is installed after Imunify360, it is important to execute the following command to add mod_security ruleset to Imunify360:


For cPanel/Plesk:


imunify360-agent install-vendors


If mod_security is installed before Imunify360, the rules will be installed automatically.


Note. If Imunify360 installer detects any existing ruleset, it installs only minimal set of its rules. So, you need to disable all third-party rulesets prior to Imunify360 installation to get the full ruleset installed automatically.




It is possible to enable Service Status checker for Imunify360. Perform the following steps:


1. Go to Service Configuration and choose Service Manager.


2. In Additional Services section tick imunify360-agent and imunify360-captcha checkboxes.


3. Click Save and wait until cPanel enables the Service Status checker for Imunify360.




If succeeded, the status of Imunify360 service will be displayed at Service Status section of Server Status.




ModSecurity Settings


Recommended mod_security settings are:

Audit Log Level - Only log noteworthy transactions.

Connections Engine - Do not process the rules.

Rules Engine - Process the rules.




It’s also recommended to disable any third-party mod_security vendors except Imunify360 ruleset (especially OWASP and Comodo). These rulesets can cause large number of false-positives and duplicate Imunify360 ruleset.


To do so, go to ModSecurity Vendors section of cPanel main menu, and switch to “Off” all enabled vendors except Imunify360 ruleset.

If there is no Imunify360 ruleset installed, run imunify360-agent install-vendors command.






It is not recommended to use firewalld and Plesk Firewall simultaneously, because Plesk does not fully support such configuration. We recommend to disable firewalld by running the command on the server:


systemctl disable firewalld


Read more about the problem at Plesk Help Center in this thread.


ModSecurity Configuration


Web application firewall mode - On




If any mod_security ruleset was installed during Imunify360 installation, Imunify360 will not install its own ruleset, because Plesk supports only one ruleset at once.


To check, if Imunify360 ruleset is installed, run the following as root:


# plesk sbin modsecurity_ctl -L --enabled


If the output does not contain imunify360, for example:


# plesk sbin modsecurity_ctl -L --enabled



Then remove existing ruleset and install Imunify360 one:


# plesk sbin modsecurity_ctl --disable-all-rules --ruleset tortix
# plesk sbin modsecurity_ctl --uninstall --ruleset tortix
# plesk sbin modsecurity_ctl -L --enabled
# imunify360-agent install-vendors
INFO    [+ 3785ms]                         defence360agent.simple_rpc|Executing ('install-vendors',), params: {}
INFO    [+ 8781ms]   defence360agent.subsys.panels.plesk.mod_security|Successfully installed vendor 'imunify360-full-apache'.
INFO    [+ 8782ms]                  defence360agent.subsys.web_server|Performing web_server graceful restart
# plesk sbin modsecurity_ctl -L --enabled




During installation on DirectAdmin, Imunify360 will try to install mod_security automatically using custombuild 2.0.


Note that automatic installation of Imunify360 ruleset is only supported with custombuild 2.0.