ModSecurity Tools

ModSecurity Tools

If you want to install and manage ModSecurity rules then WHM offers a tool: ModSecurity Tools.

For accessing this tool log in to WHM >> Navigate to “Security Center” >> then click “ModSecurity Tools” option. Following interface will appear:

In this interface there is a button “Rules List” for viewing the Rules list section. In this section, Click “Hits List” tab.

Important:

“ModSecurity Apache Module” is required for this interface. Therefore it is important to install it.

Then EasyApache 4 will load the /etc/apache2/conf.d/modsec/modsec2.cPanel.conf and /etc/apache2/conf.d/modsec/modsec2.user.conf files.

There is a possibility of creation of false positives on your system because the rules in these files may affect the way in which ModSecurity works.

If you see such false positives then locate for custom rules in this file.

Let’s discuss about “Hits List” option:

When you want to view the server’s history of the rule events that time use the “Hits List” section. If you want to edit or disable the ModSecurity rule which granted a hit, select “Rule ID”.  In ourcase the Hits list is empty as you can see.

How to Report a Rule:

Perform the following steps, for reporting the issue with a vendor’s rule:

1. First select the hit that has been generated by a rule in the Hits List and click “More”.
2. Click “Report this hit”.

Important:

The ‘Report a rule’ option will not appear if the vendor does not accept the reports.

Enter the following information for the vendor:

• Your email address, the reason for the report and any additional comments for the vendor.
• Click “Review Report”.
• Click “Submit” once you verify the information in your report.

Let’s discuss about “Rules List”:

For updating Apache Server with your planned changes click “Deploy and Restart Apache” which is present at the top or bottom of the interface.

Let’s see “Filter rules” option:

There is a “Vendor” button at the right corner of the table, click that button if you want to filter the list of rules. Then select the vendors which you want to show in the “Vendors” menu and then click “Apply”. For deselecting a vendor hold the “Control” key when you select the vendor.

Let’s see how to add a rule:

Perform following steps for adding a rule:

1. A new interface will appear when select the “Add Rule” option.
2. In the “Rule Text” Text box, enter the rule.
3. Select “Enable Rule” checkbox, if you want to enable the rule at the time of deploying a configuration.
4. Restart Apache immediately, when you want to deploy a rule then select the “Deploy and Restart Apache” checkbox.
5. Click ‘Save’.

Let’s see how to Edit a rule:

1. Select the “Edit” option for the rule which you want to update.
2. Make the desired modifications in the “Rule Text” text box.
3. Click “Save”.

Important:

If you want to remove all of the vendor’s rules from your system, then it is required to use the ModSecurity Vendors interface as you cannot edit any vendor rules.

Let’s see how to copy a rule:

Perform following steps for copying a rule: 

1. Select the rule which you wish to update and click ‘Copy’.
2. Make desired changes in the “Rule Text” text box.
3. Click ‘Save’.

Let’s see how to Edit all rules:

For editing all the rules, perform the following steps:

1. Select “Edit Rules” option.
2. Make the desired changes in the”Rules” text box.
3. Click ‘Save’.

How to Enable or Disable a rule:

Select ‘Enable’ or ‘Disable’ option in the rule’s row, for enabling or disabling a ModSecurity rule.

Let’s see how to ‘Delete’ a Rule:

For deleting a rule, perform following steps:

1. Click ‘Delete’ for the rule which you desire to delete.
2. Click ‘Delete’ for confirming your action.

ModSecurity Database Script:

If you want to manually create the “ModSecurity database” then run the following command:

/usr/local/cpanel/scripts/setup_modsec_db

Visit: Hostripples!