ModSecurity configuration in WHM

ModSecurity configuration in WHM

Let’s learns about what is ModSecurity first?

The ModSecurity is an interface using which we can configure the global settings of ModSecurity. It is also a popular and efficient tool used in most of the cPanel servers for detecting the malicious activities and also preventing them. i.e. it provides protection from various kinds of online attacks like brute force attack, SQL injections etc. In simple words we can say that it allows us to add another manageable and practical layer of security to our servers. It helps in decreasing the external threats also includes whitelisting and blacklisting. Here you will find detailed logs of incoming as well as outgoing traffic.

It is also called as a web application firewall. It is supported by different web servers like Apache, NginX etc. It can work as reverse proxy or as an embedded. It is installed with Apache. For performing simple and complex operations it supports rule engine.

Navigate to “Security Center”.

Click “ModSecurity Configuration” option. A new interface will appear. In this interface you can configure a number of global settings for ModSecurity using the various settings provided below like Audit Log Level, Rules Engine, Backend Compression and so on.

So let’s see How to configure global directives?

If you want to set a directive, then click on the directive name. Once the desired changes are finished, click ‘Save’ button which is at the bottom of the page.

You will need to configure following settings:

Audit Log Level: – You can choose from below options to determine how the audit engine logs transactions i.e. controlling the behavior of the connection engine. By Default “Only log Noteworthy Transactions option is selected, as it is recommended.

Rules Engine: – It is controlling the behavior of rules engines. Select from following options:

By default it is set to “Do not Process the rules” option.

Backend Compression: – It is used for enabling and disabling backend compression also it keeps the frontend compression enabled.

Geolocation database: – It allows you to specify the path of the geolocation database in the given textbox.

Google Safe Browsing Database: – In this text box mention the Google safe browsing database path.



Guardian log: – In the given text box enter the path of the desired application. With the help of this you can channel the transaction log information for additional analysis, to an external application.

Project Honey Pot Http: BL API Key: – Mention the Project Honey Pot API Key for using with the @rbl operator in the text box.

Perl Compatible Regular Expressions Library Match Limit: – It will determine the match limit for the Perl Regular Expressions Library Match Limit in the given text box. Its value is set to 1500 by default.

Perl Compatible Regular Expressions Library Match Limit Recursion: – It will determine the match limit recursion for the Perl Compatible Library. Its default value is set to 1500.

Visit: Hostripples!


Vishwajit Kale
Vishwajit Kale blazed onto the digital marketing scene back in 2015 and is the digital marketing strategist of Hostripples, a company that aims to provide affordable web hosting solutions. Vishwajit is experienced in digital and content marketing along with SEO. He's fond of writing technology blogs, traveling and reading.

Recent Posts

The Ultimate Showdown: Linux vs Windows for VPS Hosting

As the demand for virtual private servers (VPS) continues to grow, businesses and individuals are faced with a crucial decision:…

2 weeks ago

Questions to Ask Your Web Hosting Support Team

Web hosting is a large industry, as many other factors help any web hosting provider to form a company. The…

2 weeks ago

How to Secure Your WordPress Site in 2025

Welcome to the complete guide to WordPress security best practices in 2024. As technology evolves rapidly, implementing strong security measures…

3 weeks ago

Unlocking the Secrets of Hosting: Essential Questions to Ask Hostripples

Hey, wanted to learn about web hosting? Or do you want to start a new website and need hosting? Questions…

3 weeks ago

DDoS Attacks: What You Need to Know for Protection

In today's digital world, the threat of DDoS attacks has become increasingly prevalent. These types of attacks have the power…

1 month ago