[Feature Request] Native Integration and Management of ModSecurity (OWASP) in HestiaCP

Hello HestiaCP Team and Community,

I would like to request the addition of native ModSecurity (OWASP) integration as a core feature in the HestiaCP control panel.

Currently, implementing ModSecurity requires manual installation, configuration via the command line, and separate management of rule sets (like OWASP CRS). This process is complex for many users and can be error-prone, potentially leading to website issues if not configured correctly.

Proposed Features:

  1. One-Click Installation/Activation: An option within the web (Apache/Nginx) template or package settings to easily enable or disable ModSecurity for a website.

  2. Rule Set Management: Integration for downloading, updating, and selecting rule sets (especially the OWASP Core Rule Set) directly from the panel.

  3. Basic Configuration & Log Viewing: A simple interface for adjusting key parameters (like the paranoia level of CRS) and accessing ModSecurity audit/debug logs for each website.

  4. False Positive Handling: A streamlined way to view triggered rules and create custom exclusion rules (exceptions) for specific sites directly from the panel.

Benefits:

  • Enhanced Security: Makes a powerful Web Application Firewall (WAF) accessible to all HestiaCP users, significantly improving the security posture of hosted websites against common attacks (SQLi, XSS, etc.).

  • Usability & Adoption: Lowers the technical barrier, allowing users without deep server administration skills to benefit from enterprise-grade security.

  • Competitive Advantage: Brings HestiaCP on par with other control panels that offer integrated WAF solutions, making it an even more attractive and comprehensive hosting platform.

This integration would be a tremendous value-add for security-conscious users and administrators. Thank you for considering this feature request.

Thanks a lot for your time and work.
Remzi


Just want to clarify that ModSec seems to be maintained by no one?

And what is the current possible approach to install ModSec side by side with HestiaCP?

Security is no longer optional. It would be really great to have some options on the control panel to secure our servers and web applications.

At a minimum, a 7G or 8G firewall and geo-IP blocking.

ModSecurity would be a real luxury and a more professional approach.

Personally, I’ve made modifications to integrate an 8G firewall, geo-IP, and custom rules for fail2ban (403 burst, etc.).

In short, I support this request. Have a great day!