ModSecurity Support

Learning Focus

By the end of this lesson you will understand what ModSecurity does, how to enable it in OpenLiteSpeed, and how to apply rule sets.

What ModSecurity Does

ModSecurity is a web application firewall (WAF) that inspects incoming requests against a set of rules and blocks those that match known attack patterns — SQL injection, XSS, path traversal, and more.

Enabling ModSecurity in WebAdmin

Navigate to Server Configuration → Modules
Enable the mod_security module
Configure the rule file path
Save and Graceful Restart

Adding the OWASP Core Rule Set

# Download the OWASP CRS
cd /usr/local/lsws/conf/
sudo git clone https://github.com/coreruleset/coreruleset.git modsecurity-crs
cd modsecurity-crs
sudo cp crs-setup.conf.example crs-setup.conf

Configure the module to include the CRS rules in the WAF configuration path.

Testing ModSecurity

# Test with a simulated SQL injection attempt
curl "https://example.com/?id=1' OR '1'='1"
# Should return 403 Forbidden if ModSecurity is working

# Check the ModSecurity audit log
tail -30 /usr/local/lsws/logs/modsec_audit.log

warning

Test ModSecurity rules in detection mode before enabling blocking. False positives can break legitimate application functionality.

Key Takeaways

ModSecurity provides broad protection against common web attacks.
Use the OWASP Core Rule Set as a starting point.
Always test in detection mode before enabling blocking in production.

What's Next

Continue to OWASP Rules for configuring the rule set.

What ModSecurity Does​

Enabling ModSecurity in WebAdmin​

Adding the OWASP Core Rule Set​

Testing ModSecurity​

Key Takeaways​

What's Next​