# Hosting Panels Firewall Rulesets Specific Settings

This section includes specific settings for each hosting panel that Imunify360 supports. It is important to follow these instructions to setup Imunify360 plugin properly.

Mod_security installation process is specific for different panels:

• Find the official cPanel documentation on the link: https://documentation.cpanel.net/display/EA4/Apache+Module%3A+ModSecurity#ApacheModule:ModSecurity-InstallModSecHowtoinstalloruninstallmod_security2

• Find the official Plesk documentation on the link: https://docs.plesk.com/en-US/onyx/administrator-guide/server-administration/web-application-firewall-modsecurity.73383/

imunify360-agent install-vendors

If mod_security is installed before Imunify360, the rules will be installed automatically.

# cPanel

It is possible to enable Service Status checker for Imunify360. To do so, perform the following steps:

1. Go to Service Configuration and choose Service Manager.

2. In Additional Services section tick imunify360-agent and imunify360-captcha checkboxes.

3. Click Save and wait until cPanel enables the Service Status checker for Imunify360.

If succeeded, the status of Imunify360 service will be displayed at Service Status section of Server Status.

# ModSecurity Settings

Recommended mod_security settings are:

• Audit Log Level – Only log noteworthy transactions
• Connections Engine – Do not process the rules
• Rules Engine – Process the rules

It’s also recommended to disable any third-party mod_security vendors except Imunify360 ruleset (especially OWASP and Comodo ). These rulesets can cause large number of false-positives and duplicate Imunify360 ruleset.

To do so, go to ModSecurity Vendors section of cPanel main menu, and switch to Off all enabled vendors except Imunify360 ruleset. If there is no Imunify360 ruleset installed, run imunify360-agent install-vendors command.

• Enable rules auto-update. Otherwise, you won't get important updates of ModSecurity ruleset in time

  • For Apache run the following command:

    /usr/local/cpanel/scripts/modsec_vendor enable-updates imunify360_full_apache
    

  • For LiteSpeed run the following command:

    /usr/local/cpanel/scripts/modsec_vendor enable-updates imunify360_full_litespeed 
    

  See details here.

  Or you can use WHMAPI1 to enable vendor auto-updates.

• It is possible to block ModSecurity rules only for IPs that belong to some country. More info can be found in FAQ

# Plesk

It is not recommended to use firewalld and Plesk Firewall simultaneously, because Plesk does not fully support such configuration. We recommend to disable firewalld by running the command on the server:

systemctl disable firewalld

Read more about the problem at Plesk Help Center in this thread.

# ModSecurity Configuration

• Web application firewall mode – On

If any mod_security ruleset was installed during Imunify360 installation, Imunify360 will not install its own ruleset, because Plesk supports only one ruleset at once.

To check, if Imunify360 ruleset is installed, run the following as root:

# plesk sbin modsecurity_ctl -L --enabled
imunify360-full-apache

If the output does not contain imunify360, for example:

# plesk sbin modsecurity_ctl -L --enabled
tortix

Then remove existing ruleset and install Imunify360 one:

# plesk sbin modsecurity_ctl --disable-all-rules --ruleset tortix
# plesk sbin modsecurity_ctl --uninstall --ruleset tortix
# plesk sbin modsecurity_ctl -L --enabled
# imunify360-agent install-vendors
INFO    [+ 3785ms]                         defence360agent.simple_rpc|Executing ('install-vendors',), params: {}
INFO    [+ 8781ms]   defence360agent.subsys.panels.plesk.mod_security|Successfully installed vendor 'imunify360-full-apache'.
INFO    [+ 8782ms]                  defence360agent.subsys.web_server|Performing web_server graceful restart
OK
# plesk sbin modsecurity_ctl -L --enabled
imunify360-full-apache

# DirectAdmin

During installation on DirectAdmin, Imunify360 will try to install mod_security automatically using custombuild 2.0.