Submitted by David Power on Fri, 10/23/2020 - 03:09 Pro Licensee
Hello, We are on a Centos 7 system with Apache. Looking for a reliable way to install and manage mod_security WAF and respective rules. If there is a Webmin/Virtualmin module for this, i couldn't find it. Could you please advise on what is the proper way to proceed? Thank you.
Status:
Active
Virtualmin version:
6.12
Webmin version:
1.955
Comments
Submitted by andreychek on Fri, 10/23/2020 - 10:17 Comment #1
Howdy -- thanks for contacting us!
You're right there, I don't believe there's a Webmin or Virtualmin module for managing mod_security, unfortunately.
We also don't do any testing along those lines, so we aren't able to provide a recommended way of handling that.
If that were something I wanted to try on my own personal server, what I'd first do is setup a test server where I wouldn't matter if things broke.
I'd then use the instructions at the mod_security site, or at a related site, for how to get that installed and running. Doing some quick Googling, these instructions here look pretty good for how to get started:
https://www.linode.com/docs/guides/configure-modsecurity-on-apache/
Note that we haven't tested those, and we unfortunately can't provide support on mod_security setup, I was hoping though that maybe that would help get your pointed in the right direction.
If you had further questions on that, you're very welcome to ask in the Forums, as there's many experienced sysadmins there, and we've definitely heard about mod_security being used on Virtualmin servers.
Submitted by David Power on Sun, 10/25/2020 - 14:05 Pro Licensee Comment #2
Thanks, i think what you suggest is the best way forward. I was hoping to find at least some ready mod_security whitelist rules for Webmin/Virtualmin to apply and avoid breaking the system itself. If it happens to know where to find such a list please let me know. Thank you
Submitted by David Power on Sun, 10/25/2020 - 14:05 Pro Licensee Comment #2
Thanks, i think what you suggest is the best way forward. I was hoping to find at least some ready mod_security whitelist rules for Webmin/Virtualmin to apply and avoid breaking the system itself. If it happens to know where to find such a list please let me know. Thank you