DirectAdmin Modsecurity changes in Apache

DirectAdmin 1.691 release has modsecurity part refactored. It uses a different method to enable the modsecurity for the apache webserver.

• the httpd-modsecurity.conf is now included with the httpd-modsecurity-enable.conf that gets generated dynamically, not with the httpd-phpmodules.conf as before
• httpd-modsecurity-enable.conf is always included by the httpd.conf. That file is empty when modsec is disabled, and filled with includes when enabled.
• libxml2.so is not used in apache configs anymore as it’s not needed for modsec in 2.4.

If you receive an error like this:

1

httpd: Syntax error on line 51 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf/extra/httpd-modsecurity-enable.conf: Syntax error

You have custom files in your /usr/local/directadmin/custombuild/configure/ap2/conf/ directory. Please note, as soon as you start customizing the configs - you become responsible tracking the changes.

Recommendation is to review the configs (diff with the current configs in /usr/local/directadmin/custombuild/configure/ap2/conf ) or remove the customizations completely.