Hosting Panels Firewall Rulesets Specific Settings

• cPanel
  • ModSecurity Settings
  • ModSecurity 3 + Apache limitations
• Plesk
  • ModSecurity Configuration
• DirectAdmin

This section includes specific settings for each hosting panel that Imunify360 supports. It is important to follow these instructions to setup Imunify360 plugin properly.

Note

mod_security, the important software for Imunify360, is not installed automatically during Imunify360 installation process. Without mod_security, Imunify360 will lack the following features:

• Web application firewall
• Malware scanning of files uploaded using web

Mod_security installation process is specific for different panels:

• Find the official cPanel documentation on the link: https://documentation.cpanel.net/display/EA4/Apache+Module%3A+ModSecurity#ApacheModule:ModSecurity-InstallModSecHowtoinstalloruninstallmod_security2

• Find the official Plesk documentation on the link: https://docs.plesk.com/en-US/onyx/administrator-guide/server-administration/web-application-firewall-modsecurity.73383/

Important!

If mod_security is installed after Imunify360, it is important to execute the following command to add mod_security ruleset to Imunify360:

For cPanel/Plesk/DirectAdmin/Stand-alone:

imunify360-agent install-vendors

If mod_security is installed before Imunify360, the rules will be installed automatically.

Note

If Imunify360 installer detects any existing ruleset, it installs only minimal set of its rules. So, you need to disable all third-party rulesets prior to Imunify360 installation to get the full ruleset installed automatically.

cPanel

It is possible to enable Service Status checker for Imunify360. To do so, perform the following steps:

1. Go to Service Configuration and choose Service Manager.

2. In Additional Services section tick imunify360 and imunify360-webshield checkboxes.

3. Click Save and wait until cPanel enables the Service Status checker for Imunify360.

If succeeded, the status of Imunify360 service will be displayed at Service Status section of Server Status.

ModSecurity Settings

Note

Since version 92, cPanel is adding experimental support of ModSecurity 3.x and starting from version 5.7, we implement experimental support of ModSecurity version 3 on cPanel. Since the support is experimental, there are some limitations. Please find them here.

Recommended mod_security settings are:

• Audit Log Level – Only log noteworthy transactions
• Connections Engine – Do not process the rules
• Rules Engine – Process the rules

It’s also recommended to disable any third-party mod_security vendors except Imunify360 ruleset (especially OWASP and Comodo ). These rulesets can cause large number of false-positives and duplicate Imunify360 ruleset.

To do so, go to ModSecurity Vendors section of cPanel main menu, and switch to Off all enabled vendors except Imunify360 ruleset. If there is no Imunify360 ruleset installed, run imunify360-agent install-vendors command.

• Enable rules auto-update. Otherwise, you won't get important updates of ModSecurity ruleset in time

  • For Apache run the following command:

    /usr/local/cpanel/scripts/modsec_vendor enable-updates imunify360-full-apache
    

  • For LiteSpeed run the following command:

    /usr/local/cpanel/scripts/modsec_vendor enable-updates imunify360-full-litespeed 
    

  See details here.

  Or you can use WHMAPI1 to enable vendor auto-updates.

• It is possible to block ModSecurity rules only for IPs that belong to some country. More info can be found in FAQ

ModSecurity 3 + Apache limitations

Since version 92, cPanel is adding experimental support of ModSecurity 3.x and starting from version 5.7, we implement experimental support of ModSecurity version 3 on cPanel. There are still some issues that prevent some Imunify360 features from working property. The feature limitations are:

• working with mod_ruid2
• working with mod_remoteip
• app-specific ruleset feature
• HackerTrap
• uploaded files scanning
• simple password redirect

Plesk

It is not recommended to use firewalld and Plesk Firewall simultaneously, because Plesk does not fully support such configuration. We recommend to disable firewalld by running the command on the server:

systemctl disable firewalld

Read more about the problem at Plesk Help Center in this thread.

ModSecurity Configuration

• Web application firewall mode – On

If any mod_security ruleset was installed during Imunify360 installation, Imunify360 will not install its own ruleset, because Plesk supports only one ruleset at once.

To check, if Imunify360 ruleset is installed, run the following as root:

# plesk sbin modsecurity_ctl -L --enabled
custom

If the output does not contain imunify360, for example:

# plesk sbin modsecurity_ctl -L --enabled
tortix

Then remove existing ruleset and install Imunify360 one:

# plesk sbin modsecurity_ctl --disable-all-rules --ruleset tortix
# plesk sbin modsecurity_ctl --uninstall --ruleset tortix
# plesk sbin modsecurity_ctl -L --enabled
# imunify360-agent install-vendors
INFO    [+ 3785ms]                         defence360agent.simple_rpc|Executing ('install-vendors',), params: {}
INFO    [+ 8781ms]   defence360agent.subsys.panels.plesk.mod_security|Successfully installed vendor 'imunify360-full-apache'.
INFO    [+ 8782ms]                  defence360agent.subsys.web_server|Performing web_server graceful restart
OK
# plesk sbin modsecurity_ctl -L --enabled
custom

Note

Please make sure that Update rule sets option is disabled in your Plesk Web Application Firewall interface on the Settings tab.

Note

Note that in the current version of Plesk, Update rule sets option is available if one of the Atomic Basic ModSecurity/Advanced ModSecurity Rules by Atomicorp/Comodo ModSecurity Rule Set is enabled.

DirectAdmin

During installation on DirectAdmin, Imunify360 will try to install mod_security automatically using custombuild 2.0.

Note

Automatic installation of Imunify360 ruleset is only supported with custombuild 2.0.