Web Hosting Resource Kit

Web Hosting, Web Hosting Reviews & Virtualization


This post may contain affiliate links. If you use these links to buy something we may earn a commission. Thanks.

What is Mod_Security (on cPanel server)?

By Leave a Comment

What is ModSecurity?

Quote: “ModSecurity is an open source intrusion detection and prevention engine for web applications. Operating as an Apache Web server module, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.” (Source: http://modsecurity.org)

How to install ModSecurity?

In WHM on your server scroll down to the “Addon Modules” section and select the “modsecurity” addon. (Click on the screenshot for a larger image) If you manually want to compile and install ModSecurity please follow these instructions:

Login to your server via SSH and switch to the root user. Download and unzip ModSecurity:

“wget http://www.modsecurity.org/download/mod_security-1.8.6.tar.gz”
“tar zxf mod_security-1.8.6.tar.gz”

As cPanel still uses Apache 1.3.x you need to go to the proper directory for your environment:

“cd mod_security-1.8.6/apache1”

Now compile the new module for Apache:

“/etc/httpd/bin/apxs -cia mod_security.c”

Backup your httpd.conf file before continuing. After you have created your backup we will need to edit the httpd.conf file:

pico -w /etc/httpd/conf/httpd.conf

Scroll down and find the following line: “AddModule mod_security.c” – start modifying the config file below that line. This would be the place for your rules now. For a set of example rules you can visit http://modsecurity.org/documentation/quick-examples.html and http://eth0.us/?q=node/17. Please be aware that you can ‘damage’ your server if you do not exactly know what you are doing and what rules will do once you restart Apache.

Once you have added your rules you will need to restart Apache to have the changes take affect.

“/etc/rc.d/init.d/apachectl restart”

The quickest way to remove the module from your Apache is by marking out the new entries for it with a “#” in front of each line.

ModSecurity Rules

cPanel supplies a few sample rules with the installation done through WHM. Those rules apparently seem to work well with cPanel/WHM servers. Rules need to be added to  “/usr/local/apache/conf/modsec.user.conf”. If you add rules to “modsec.conf” you will need to be aware that this file will be overwritten. The sample rules can be found at “/usr/local/apache/conf/modsec.user.conf.default”. If you want to work with these rules you will have to logon to your server via SSH and type the following from the command line:

“cp /usr/local/apache/conf/modsec.user.conf.default /usr/local/apache/conf/modsec.user.conf”

You will then need to restart Apache to have the rules take affect. You will be able to use the WHM build-in editor to modify the configuration.

If you want to create your own rules you will need to follow some basics. Please be aware that every rule consists of 5 parameters (Title, Description, Action, Focus, Rule). At this point we do not recommed to use rules outside of the ones that come with cPanel to avoid breaking your server. More documentation can be found at http://modsecurity.org. A complete set of rules can be found here: http://eth0.us/?q=node/17

Disclaimer: We cannot held be responsible for any problems on your server when using ModSecurity. Please consult with an experienced system administrator before making changes to your server’s configuration.

Related posts:

  1. Upgrade To APACHE 2.0 Web Server
  2. Apache Webserver – A quick tutorial for new Admins
  3. Apache HTTP Web server configuration Tutorial
  4. Quick Cpanel/WHM/Server Troubleshooting
  5. How to install MRTG on Your Cpanel Server
  6. How to remove or disable mod_evasive from Apache Web Server?
  7. Restoring Domain Accounts and Server Config Files with WHM / cPanel

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *