{"id":568,"date":"2012-01-23T23:00:02","date_gmt":"2012-01-23T16:00:02","guid":{"rendered":"http:\/\/whplus.com\/blog\/?p=568"},"modified":"2012-01-23T23:11:59","modified_gmt":"2012-01-23T16:11:59","slug":"how-to-install-gotroot-modsecurity-rules","status":"publish","type":"post","link":"https:\/\/www.whplus.com\/blog\/2012\/01\/23\/how-to-install-gotroot-modsecurity-rules.html","title":{"rendered":"How to install GotRoot ModSecurity Rules"},"content":{"rendered":"<p>Make sure you have at least version 2.6.1 of modsecurity installed. Cpanel includes its own modsecurity configuration files and its own modsecurity module. To install gotroot modsecurity rules for the first time you will need to do the following:<\/p>\n<ol>\n<li>Download the <a href=\"http:\/\/updates.atomicorp.com\/channels\/rules\/delayed\/\">Free Delayed\/Unsupported feed here<\/a>. Keep in mind the Delayed feed is released 90 days after the realtime feed (that includes any fixes).<\/li>\n<li>Unpack the rules in \/usr\/local\/apache\/conf\/<\/li>\n<li>Create the following directories and chmod them accordingly:<br \/>\n<blockquote><p>mkdir \/var\/asl<br \/>\nmkdir \/var\/asl\/data\/<br \/>\nmkdir \/var\/asl\/data\/msa<br \/>\nmkdir \/var\/asl\/data\/audit<br \/>\nmkdir \/var\/asl\/data\/suspicious<br \/>\nchown nobody.nobody \/var\/asl\/data\/msa<br \/>\nchown nobody.nobody \/var\/asl\/data\/audit<br \/>\nchown nobody.nobody \/var\/asl\/data\/suspicious<br \/>\nchmod o-rx -R \/var\/asl\/data\/*<br \/>\nchmod ug+rwx -R \/var\/asl\/data\/*\n<\/p><\/blockquote>\n<p>you will never need to use these directories but they have to be present for the rules to work.<\/li>\n<p><!--more--><\/p>\n<li>Modify your user configuration file \/usr\/local\/apache\/conf\/modsec2.user.conf to have the following commands:<br \/>\n<blockquote><p>SecPcreMatchLimit 50000<br \/>\nSecPcreMatchLimitRecursion 50000<br \/>\nSecRequestBodyAccess On<br \/>\nSecResponseBodyAccess On<br \/>\nSecResponseBodyMimeType (null) text\/html text\/plain text\/xml<br \/>\nSecResponseBodyLimit 20621440<br \/>\nSecServerSignature Apache<br \/>\nSecUploadDir \/var\/asl\/data\/suspicious<br \/>\nSecUploadKeepFiles Off<br \/>\nSecAuditLogParts ABIFHZ<br \/>\nSecArgumentSeparator &#8220;&amp;&#8221;<br \/>\nSecCookieFormat 0<br \/>\nSecRequestBodyLimit 20621440<br \/>\nSecRequestBodyInMemoryLimit 2062144<br \/>\nSecDataDir \/var\/asl\/data\/msa<br \/>\nSecTmpDir \/tmp<br \/>\nSecAuditLogStorageDir \/var\/asl\/data\/audit<br \/>\nSecResponseBodyLimitAction ProcessPartial<br \/>\n# ASL\/GOTROOT Rules<br \/>\nInclude \/usr\/local\/apache\/conf\/modsec\/*asl*.conf\n<\/p><\/blockquote>\n<p>The recommended minimum ruleset to load is:<\/p>\n<blockquote><p>\nInclude \/usr\/local\/apache\/conf\/modsec\/00_asl_z_antievasion.conf<br \/>\nInclude \/usr\/local\/apache\/conf\/modsec\/09_asl_rules.conf<br \/>\nInclude \/usr\/local\/apache\/conf\/modsec\/10_asl_antimalware.conf<br \/>\nInclude \/usr\/local\/apache\/conf\/modsec\/10_asl_rules.conf<br \/>\nInclude \/usr\/local\/apache\/conf\/modsec\/11_asl_adv_rules.conf<br \/>\nInclude \/usr\/local\/apache\/conf\/modsec\/20_asl_useragents.conf<br \/>\nInclude \/usr\/local\/apache\/conf\/modsec\/30_asl_antispam.conf<br \/>\nInclude \/usr\/local\/apache\/conf\/modsec\/50_asl_rootkits.conf<br \/>\nInclude \/usr\/local\/apache\/conf\/modsec\/60_asl_recons.conf<br \/>\nInclude \/usr\/local\/apache\/conf\/modsec\/61_asl_recons_dlp.conf<br \/>\nInclude \/usr\/local\/apache\/conf\/modsec\/99_asl_jitp.conf\n<\/p><\/blockquote>\n<\/li>\n<li>Before restarting apache we recommend you test your configuration by running apache with the &#8220;configtest&#8221; command.<br \/>\n<blockquote><p>service httpd configtest<\/p><\/blockquote>\n<\/li>\n<li>Restart apache, enjoy your new secure web server!<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Make sure you have at least version 2.6.1 of modsecurity installed. Cpanel includes its own modsecurity configuration files and its own modsecurity module. To install gotroot modsecurity rules for the first time you will need to do the following: Download the Free Delayed\/Unsupported feed here. Keep in mind the Delayed feed is released 90 days\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.whplus.com\/blog\/2012\/01\/23\/how-to-install-gotroot-modsecurity-rules.html\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-568","post","type-post","status-publish","format-standard","hentry","category-tutorial"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/568","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/comments?post=568"}],"version-history":[{"count":7,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/568\/revisions"}],"predecessor-version":[{"id":570,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/568\/revisions\/570"}],"wp:attachment":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/media?parent=568"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/categories?post=568"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/tags?post=568"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}