ModSecurity configuration in WHM
Let’s learns about what is ModSecurity first?
The ModSecurity is an interface using which we can configure the global settings of ModSecurity. It is also a popular and efficient tool used in most of the cPanel servers for detecting the malicious activities and also preventing them. i.e. it provides protection from various kinds of online attacks like brute force attack, SQL injections etc. In simple words we can say that it allows us to add another manageable and practical layer of security to our servers. It helps in decreasing the external threats also includes whitelisting and blacklisting. Here you will find detailed logs of incoming as well as outgoing traffic.
It is also called as a web application firewall. It is supported by different web servers like Apache, NginX etc. It can work as reverse proxy or as an embedded. It is installed with Apache. For performing simple and complex operations it supports rule engine.
Navigate to “Security Center”.
Click “ModSecurity Configuration” option. A new interface will appear. In this interface you can configure a number of global settings for ModSecurity using the various settings provided below like Audit Log Level, Rules Engine, Backend Compression and so on.
So let’s see How to configure global directives?
If you want to set a directive, then click on the directive name. Once the desired changes are finished, click ‘Save’ button which is at the bottom of the page.
You will need to configure following settings:
Audit Log Level: – You can choose from below options to determine how the audit engine logs transactions i.e. controlling the behavior of the connection engine. By Default “Only log Noteworthy Transactions option is selected, as it is recommended.
Rules Engine: – It is controlling the behavior of rules engines. Select from following options:
By default it is set to “Do not Process the rules” option.
Backend Compression: – It is used for enabling and disabling backend compression also it keeps the frontend compression enabled.
Geolocation database: – It allows you to specify the path of the geolocation database in the given textbox.
Google Safe Browsing Database: – In this text box mention the Google safe browsing database path.
Guardian log: – In the given text box enter the path of the desired application. With the help of this you can channel the transaction log information for additional analysis, to an external application.
Project Honey Pot Http: BL API Key: – Mention the Project Honey Pot API Key for using with the @rbl operator in the text box.
Perl Compatible Regular Expressions Library Match Limit: – It will determine the match limit for the Perl Regular Expressions Library Match Limit in the given text box. Its value is set to 1500 by default.
Perl Compatible Regular Expressions Library Match Limit Recursion: – It will determine the match limit recursion for the Perl Compatible Library. Its default value is set to 1500.