ModSecurity Vendors

ModSecurity Vendors

For managing your ModSecurity Vendors WHM provides a tool which is ‘ModSecurity Vendors’.

• Let’s see what is ModSecurity Vendors interface and for what is it used?

ModSecurity Vendor is a module which works similar to a firewall in a web application or website so that it can protect the websites from various types of attacks. These attacks are protected according to the rule set used by that account.

Mostly it looks for incoming requests and after comparing them with the rules described in the rule set it takes the actions on those incoming requests.

You can install as well as manage your ModSecurity vendors using this interface.

First of all, log in to WHM. Navigate to “Security Center”. Click “ModSecurity Vendor” option. Following interface will appear:

Important:

If you want to use this interface, then it is important to install the ModSecurity Apache Module.

You should install the ModSecurity Apache module in order to use ModSecurity Vendor interface. For installing this you can use EasyApache4 interface or YUM.

Note:

EasyApache 4 will load the /etc/apache2/conf.d/modsec/modsec2.cPanel.conf  and /etc/apache2/conf.d/modsec/modsec2.user.conf files.

• But these file’s rules may still affect the way in which ModSecurity functions, which may result into false positives on your system. Therefore if you see many false positives then check these files custom rules.
• Let’s add a ModSecurity Vendor:

Perform following steps for adding a ModSecurity Vendor:

1. Select ‘Add Vendor’ option.
2. Enter the URL for ModSecurity Vendor in the “Vendor Configuration” text box.
3. Then click ‘Load’ option. It will automatically load the “Vendor Name”, “Vendor Description”, “Vendor Documentation URL”, “ Vendor Report URL” and “Path” text boxes.
4. Click ‘Save’ once you confirm that the vendor data is correct.

Important: –

1. Deselect the ‘Enabled’ check box if you want to add a vendor in a disabled state.
2. The interface will ask you to enable or disable each of the Vendor’s configuration files, once you add a Vendor. It is important to enable these vendor’s configuration files so that you can use the vendor’s rules.
3. It is strongly recommended that you should enter a Vendor Configuration URL which should be SSL secured.
4. Let’s see how to “Manage Vendors”:

You will need to run the following script as a “Root” user from command line for managing the ModSecurity Vendor’s functions:

/usr/local/cpanel/scripts/modsec_vendor

• Now let’s see how to “Install a ModSecurity Vendor”:

For installing a cPanel-provided “ModSecurity Vendor”, first click “Install” for the specified vendor

And then again select “Install and Restart Apache”.

• How to enable and disable vendor:
• Click ‘On’ in the ‘Enabled’ column for that vendor for enabling a vendor.
• Click ‘Off’ in the ‘Enabled’ column for that vendor for disabling a vendor.

• How to ‘Enable’ or ‘Disable’ Updates:

Once the ‘Updates’ are ‘Enabled’, the system will retrieve vendor metadata’ new copies from the URL which you have used during the installation process. System then compares the downloaded metadata and automatically fetches and installs new versions of the rule set.

• For Enabling automatic updates for a vendor, click ‘On’ in the ‘Updates’ column.
• For Disabling the automatic updates for a vendor, click ‘Off’ in the ‘Updates’ column.
• How to ‘Edit a Vendor’:

It is required to ‘Edit a Vendor‘, because the ‘ModSecurity Vendor’ rule creates group common rules and sets them into separate configuration files and it is also required for selectively enabling or disabling these configuration files.

• For ‘Editing a ModSecurity Vendor’ perform the following steps:
• Once you have selected the vendor for editing, click ‘Edit’ for that vendor
• For enabling or disabling the configuration file click ‘Enable All’ or click ‘Disable All’ or click ‘Toggle’.
• Let’s see how to ‘Delete a vendor’:

For deleting a ModSecurity Vendor, select the vendor from the list and then click ‘Delete’ and again click ‘Delete’.

Visit: Hostripples!