ModSecurity Tools
If you want to install and manage ModSecurity rules then WHM offers a tool: ModSecurity Tools.
For accessing this tool log in to WHM >> Navigate to “Security Center” >> then click “ModSecurity Tools” option. Following interface will appear:
In this interface there is a button “Rules List” for viewing the Rules list section. In this section, Click “Hits List” tab.
Important:
“ModSecurity Apache Module” is required for this interface. Therefore it is important to install it.
Then EasyApache 4 will load the /etc/apache2/conf.d/modsec/modsec2.cPanel.conf and /etc/apache2/conf.d/modsec/modsec2.user.conf files.
There is a possibility of creation of false positives on your system because the rules in these files may affect the way in which ModSecurity works.
If you see such false positives then locate for custom rules in this file.
Let’s discuss about “Hits List” option:
When you want to view the server’s history of the rule events that time use the “Hits List” section. If you want to edit or disable the ModSecurity rule which granted a hit, select “Rule ID”. In ourcase the Hits list is empty as you can see.
How to Report a Rule:
Perform the following steps, for reporting the issue with a vendor’s rule:
Important:
The ‘Report a rule’ option will not appear if the vendor does not accept the reports.
Enter the following information for the vendor:
Let’s discuss about “Rules List”:
For updating Apache Server with your planned changes click “Deploy and Restart Apache” which is present at the top or bottom of the interface.
Let’s see “Filter rules” option:
There is a “Vendor” button at the right corner of the table, click that button if you want to filter the list of rules. Then select the vendors which you want to show in the “Vendors” menu and then click “Apply”. For deselecting a vendor hold the “Control” key when you select the vendor.
Let’s see how to add a rule:
Perform following steps for adding a rule:
Let’s see how to Edit a rule:
Important:
If you want to remove all of the vendor’s rules from your system, then it is required to use the ModSecurity Vendors interface as you cannot edit any vendor rules.
Let’s see how to copy a rule:
Perform following steps for copying a rule:
Let’s see how to Edit all rules:
For editing all the rules, perform the following steps:
How to Enable or Disable a rule:
Select ‘Enable’ or ‘Disable’ option in the rule’s row, for enabling or disabling a ModSecurity rule.
Let’s see how to ‘Delete’ a Rule:
For deleting a rule, perform following steps:
ModSecurity Database Script:
If you want to manually create the “ModSecurity database” then run the following command:
/usr/local/cpanel/scripts/setup_modsec_db
Visit: Hostripples!
As the demand for virtual private servers (VPS) continues to grow, businesses and individuals are faced with a crucial decision:…
Web hosting is a large industry, as many other factors help any web hosting provider to form a company. The…
Welcome to the complete guide to WordPress security best practices in 2024. As technology evolves rapidly, implementing strong security measures…
Hey, wanted to learn about web hosting? Or do you want to start a new website and need hosting? Questions…
In today's digital world, the threat of DDoS attacks has become increasingly prevalent. These types of attacks have the power…