Install ModSecurity with OpenLiteSpeed on Ubuntu 22.04

  • Install ModSecurity
apt-get install ols-modsecurity -y

  • Configure ModSecurity on OpenLiteSpeed
  • Server Configuration > Modules > Add > Module: mod_security > Module Parameters: > Enable Module: Yes > Restart OpenLiteSpeed
modsecurity  on
modsecurity_rules `
SecRuleEngine On
SecAuditEngine on
SecRule REQUEST_URI "@pm info.php" "phase:1,id:'10',log,deny,status:403"
SecDebugLogLevel 0
SecDebugLog /usr/local/lsws/logs/modsec.log
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts AFH
SecAuditLogType Serial
SecAuditLog /usr/local/lsws/logs/auditmodsec.log
`

  • Create an info.php file to test ModSecurity
nano /usr/local/lsws/lomp.bikinin.website/info.php

<?php phpinfo();
  • Verify that the info.php file cannot be accessed
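
To confirm that a 403 on info.php was produced by rule id 10 and not by something else, the Serial audit log can be summarised per transaction. The script below is an added example, not part of the original post; it assumes the libmodsecurity v3 layout for parts A, F and H, and the log entries it writes are constructed samples.

```shell
#!/bin/sh
# Added example: one line per audit-log transaction -> client IP, status, rule ids.
# Assumed layout (libmodsecurity v3, Serial, parts AFH): "---<boundary>---<part>--"
# separators; part A = "[time] unique_id client_ip ..."; part F starts "HTTP/x.y <status>".
audit_summary() {
    awk '
    /^---[A-Za-z0-9]+---[A-Z]--$/ {
        part = substr($0, length($0) - 2, 1)
        first = 1                                   # next line is the first of this part
        if (part == "A") { ip = ""; status = ""; ids = "" }
        if (part == "Z") print ip, status, (ids == "" ? "-" : ids)
        next
    }
    part == "A" && first { ip = $4; first = 0 }
    part == "F" && first { status = $2; first = 0 }
    part == "H" {                                   # collect every [id "N"] tag
        line = $0
        while (match(line, /\[id "[0-9]+"\]/)) {
            id = substr(line, RSTART + 5, RLENGTH - 7)
            ids = (ids == "" ? id : ids "," id)
            line = substr(line, RSTART + RLENGTH)
        }
    }' "$1"
}

# Constructed sample log: a request blocked by rule 10 and an allowed request.
write_sample() {
    cat > "$1" <<'EOF'
---AbCdEfGh---A--
[27/Jul/2023:10:00:00 +0000] 169045200012.345678 203.0.113.5 51234 192.0.2.10 80
---AbCdEfGh---F--
HTTP/1.1 403

---AbCdEfGh---H--
ModSecurity: Access denied with code 403 (phase 1). Matched "Operator `Pm' with parameter `info.php' against variable `REQUEST_URI' (Value: `/info.php' ) [id "10"]

---AbCdEfGh---Z--
---IjKlMnOp---A--
[27/Jul/2023:10:00:05 +0000] 169045200512.000001 198.51.100.7 51240 192.0.2.10 80
---IjKlMnOp---F--
HTTP/1.1 200
---IjKlMnOp---H--
---IjKlMnOp---Z--
EOF
}

log=$(mktemp); write_sample "$log"; audit_summary "$log"; rm -f "$log"
```

On the server, run `audit_summary /usr/local/lsws/logs/auditmodsec.log`; with `SecAuditEngine on` every transaction is logged, so allowed requests appear with `-` in the last column.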

Enable COMODO ModSec_3.0 rule set

  • Install Comodo rule set
mkdir -p /usr/local/lsws/modsec/comodo
cd /usr/local/lsws/modsec/comodo
wget https://sys-ops.id/installer/cwaf_rules_ols-1.233.tgz
tar -zxvf cwaf_rules_ols-1.233.tgz
mv rules.conf.main rules.conf
  • Add the Comodo rule set to the OpenLiteSpeed configuration > Save > Restart OpenLiteSpeed
modsecurity  on
modsecurity_rules `
SecRuleEngine On
SecAuditEngine on
SecRule REQUEST_URI "@pm info.php" "phase:1,id:'10',log,deny,status:403"
SecDebugLogLevel 0
SecDebugLog /usr/local/lsws/logs/modsec.log
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts AFH
SecAuditLogType Serial
SecAuditLog /usr/local/lsws/logs/auditmodsec.log
`
modsecurity_rules_file /usr/local/lsws/modsec/comodo/rules.conf
  • Testing

Enable OWASP ModSec_3.0 rule set

  • Install OWASP rule set
mkdir -p /usr/local/lsws/modsec/owasp
cd /usr/local/lsws/modsec/owasp
wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.4.zip
apt install unzip -y && unzip v3.3.4.zip
mv coreruleset-3.3.4 crs334 && cd crs334
mv crs-setup.conf.example crs-setup.conf
cd rules
mv REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
mv RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
cd ..
  • Create the owasp-master.conf file
nano /usr/local/lsws/modsec/owasp/crs334/owasp-master.conf
include /usr/local/lsws/modsec/owasp/crs334/crs-setup.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-901-INITIALIZATION.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-910-IP-REPUTATION.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-912-DOS-PROTECTION.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-913-SCANNER-DETECTION.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-921-PROTOCOL-ATTACK.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-922-MULTIPART-ATTACK.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/REQUEST-949-BLOCKING-EVALUATION.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/RESPONSE-950-DATA-LEAKAGES.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/RESPONSE-980-CORRELATION.conf
include /usr/local/lsws/modsec/owasp/crs334/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
  • Update the Comodo rule set configuration on OpenLiteSpeed, adding the OWASP rule set file > Save > Restart OpenLiteSpeed
modsecurity  on
modsecurity_rules `
SecRuleEngine On
SecAuditEngine on
SecRule REQUEST_URI "@pm info.php" "phase:1,id:'10',log,deny,status:403"
SecDebugLogLevel 0
SecDebugLog /usr/local/lsws/logs/modsec.log
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts AFH
SecAuditLogType Serial
SecAuditLog /usr/local/lsws/logs/auditmodsec.log
`
modsecurity_rules_file /usr/local/lsws/modsec/comodo/rules.conf
modsecurity_rules_file /usr/local/lsws/modsec/owasp/crs334/owasp-master.conf
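
Every include line in owasp-master.conf must point into the directory the rule set was unpacked to; a path that does not resolve means that rule file is not loaded. The script below is an added example, not part of the original post: it reports include targets that do not exist and rule files on disk that the master file never references. The directory tree it builds is a constructed sample.

```shell
#!/bin/sh
# Added example: sanity-check an include list such as owasp-master.conf.

# Print every include target that is missing or unreadable; succeed only if none.
check_includes() {
    missing=0
    while read -r directive path rest || [ -n "$directive" ]; do
        case $directive in
            include|Include) ;;
            *) continue ;;              # blank lines, comments, other directives
        esac
        if [ ! -r "$path" ]; then
            echo "missing: $path"
            missing=$((missing + 1))
        fi
    done < "$1"
    [ "$missing" -eq 0 ]
}

# Print rule files in RULES_DIR ($2) that the master file ($1) never references.
unlisted_rules() {
    for f in "$2"/*.conf; do
        if [ -f "$f" ] && ! grep -qF -- "$f" "$1"; then
            echo "unlisted: $f"
        fi
    done
}

# Constructed tree: three empty rule files and a master with one wrong directory.
build_sample() {
    mkdir -p "$1/crs334/rules"
    for n in REQUEST-901-INITIALIZATION REQUEST-930-APPLICATION-ATTACK-LFI \
             REQUEST-944-APPLICATION-ATTACK-JAVA; do
        : > "$1/crs334/rules/$n.conf"
    done
    cat > "$1/crs334/owasp-master.conf" <<EOF
include $1/crs334/rules/REQUEST-901-INITIALIZATION.conf
include $1/crs30/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
EOF
}

d=$(mktemp -d); build_sample "$d"
check_includes "$d/crs334/owasp-master.conf" || echo "include paths need fixing"
unlisted_rules "$d/crs334/owasp-master.conf" "$d/crs334/rules"
rm -rf "$d"
```

On the server, run `check_includes /usr/local/lsws/modsec/owasp/crs334/owasp-master.conf` before restarting OpenLiteSpeed.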

herdiana3389
