9.1 Installation and Configuration
By default, ModSecurity is not installed, but once you first try to configure ModSecurity CyberPanel prompt for ModSecurity installation.
Go to Main > Security > ModSecurity Conf
Clicking ‘Install Now‘ will start the installation, if installation is successful it will refresh your page and let you configure ModSecurity settings, which looks something like:
There are seven options.
This is the only option controlled by OpenLiteSpeed web server, once you turn this off nothing related to ModSecurity will work, this should be turned On for ModSecurity to function.
ModSecurity can generate extensive logs for HTTP requests in the Audit log file, this option states weather you need extensive logging or not. You can read more details here.
Weather to process rules you have defined in the rules files or not, if
ModSecurity Status is turned off this option does not make any effects.
Levels of debug logs you need, 9 being the highest level of logging. More details here.
If `SecAuditEngine` is turned on you can decide here which parts of HTTP trasaction you want to be logged into audit log file, more details here.
Related to Audit logging more details here.
How Audit logging should be done, more details here.