mod_security best rules

**webstyler** · 01-26-2010 04:48 PM

Hello

after mod_security installation throught easyapache the rules configuration is empty

so, what think is good rules to download and set for hosting server ?

On other server a sysadmin have set in WHM > modesecurity config :

<IfModule mod_security2.c>
Include /usr/local/apache/conf/rul_modsec/*.conf
</IfModule>

any suggest about this or other rules project ?

Thanks

**ModServ** · 01-30-2010 07:16 PM

Go to Welcome : Got Root may it helps you.

**webstyler** · 02-11-2010 09:38 AM

Hello

We have installed rules

File modsec2.user.conf is ok:

Include /usr/local/apache/modsecurity.d/*asl*.conf
Include /usr/local/apache/modsecurity.d/exclude.conf

BUT there is nothing filtered on more than 10 days.. impossible

How we can make simple test ?

We have already restart apache, all works fine except mod_security

any suggest ?

Thanks

**ModServ** · 02-11-2010 08:59 PM

Hello,

Check the log:

tail -fv /usr/local/apache/logs/modsec_audit.log

**webstyler** · 02-12-2010 01:32 AM

uhm..

only 1 row and with
.. "GET /robots.txt HTTP/1.1" 500 67 ..

nothing other :/

**webstyler** · 02-12-2010 04:07 AM

we have check the mysql table of modsec and is empty

**Infopro** · 02-12-2010 03:36 PM

Originally Posted by webstyler

we have check the mysql table of modsec and is empty

Assuming there is some sort of configuration issue with your added rulesets, try this to see if we can get you going at least.

In WHM, very bottom of left menu find Mod Security and click.
Top of the page that opens, there should be a button here titled Edit Config, click it.
Next page you should see some links at top. Is the box below empty? At top of page click Default Configuration and automagically fill the box.

Now Click Save Configuration. Restart Apache for good measure.

**webstyler** · 02-13-2010 03:51 AM

Originally Posted by Infopro

Assuming there is some sort of configuration issue with your added rulesets, try this to see if we can get you going at least.

In WHM, very bottom of left menu find Mod Security and click.
Top of the page that opens, there should be a button here titled Edit Config, click it.
Next page you should see some links at top. Is the box below empty? At top of page click Default Configuration and automagically fill the box.

Now Click Save Configuration. Restart Apache for good measure.

WHM Config have value of modsec2.user :

Include /usr/local/apache/modsecurity.d/*asl*.conf
Include /usr/local/apache/modsecurity.d/exclude.conf

**Infopro** · 02-13-2010 11:46 AM

Originally Posted by webstyler

WHM Config have value of modsec2.user :

Include /usr/local/apache/modsecurity.d/*asl*.conf
Include /usr/local/apache/modsecurity.d/exclude.conf

Yes I know, you mention it earlier on in the thread.

Did you populate the the box as I described above?

LinkBack

Thread Tools

mod_security best rules

mod_security rules

Help with mod_security rules

mod_security rules

rules mod_security..what about?