I want to pay for a mod_security plugin

I want to pay for a mod_security plugin that I can manage from the panel

Please, whoever is interested, let me know 🙂

It’s definitely very interesting. What exactly would you like hestiacp to have?

  • Start / Stop mod_security
  • Edit /etc/apache2/modsec/modsecurity.conf
  • Edit /etc/apache2/mods-enabled/security3.conf
  • And have a preset that could work fine for almost anything. At least for WP.

ModSecurity for nginx requires a custom build of Nginx. Without funding of at least 6k a month for at least 3 years, I am not able to do it…

For Apache it makes no sense, as we don’t support public-facing Apache currently.

Agreed nginx mod_security is no fun. But does that really mean if one installed apache mod security, it wouldn’t work? I’m thinking it would. Nginx is just working as a proxy, forwarding everything to apache. As I understand it, it handles all the static content and then offloads everything else to apache, at which point mod_security rules would be obeyed.

So what you’d need is to install mod_security, and then have a way of turning it on for individual sites, first in training mode, then in live mode. For the admin, they’d need some way of monitoring the logs, and of enabling and disabling rules. Still quite complex, but I think it would actually work, even if apache is behind a proxy.

Meanwhile, Dev, you might be interested in the existence of 7G firewall, which actually covers a lot of the functionality of mod_security, but does so in an .htaccess file. Quite easy to drop into a site and edit.

And now with nginx flavour

First of all, mod_security is not on the to-do list; I think IPv6 support is higher on the to-do list.

And there are still about 70 other issues open that need to be solved.

But if somebody is willing to invest the time to implement it in Hestia, be my guest. However, the “main” development team currently has no time for it…

Maybe this could be added to HestiaCP. Dev, are you willing to pay for 7G?

7G is an .htaccess file that can be uploaded to the doc root; no changes are needed from our side.

For nginx only, you probably want to modify nginx.conf or create a custom template.

Also a potential issue:

Trustwave is announcing the End-of-Life (EOL) of our support for ModSecurity effective July 1, 2024. We will then hand over the maintenance of ModSecurity code back to the open-source community.

Trustwave is also announcing the End-of-Sale (EOS) of Trustwave support for ModSecurity effective August 1, 2021. No new contracts will be accepted after the EOS date.

Any renewed ModSecurity contracts must contain an expiration date on or before July 1, 2024. Contracts with an expiration date after July 1, 2024, will not be accepted.

For further details have a look at: End of Sale and Trustwave Support for ModSecurity Web Application Firewall

The GitHub project page is available here: GitHub - SpiderLabs/ModSecurity: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.
https://www.modsecurity.org

We can always pray that OS community takes over…

Of course we can do this ourselves, but maybe it would be very interesting for the community to have the security enhanced.

Then mod security is not an acceptable solution.
