Configure cPanel's Mod Security with Atomic Corp Rules

ukhost4u

ukhost4u

Active Member
PartnerNOC
Apr 24, 2003
42
0
156
Hello.

We have recently found the default rules of Mod Security which ships with cPanel to be very poor and not provide a good level of security.

As such we have been trying for a while to find a good way to way to use more advanced rules and as we never found any good guide to this so we decided to build our own.

I wanted to post a link here as I think this will be a very useful guide and help people wanting to add extra security to there WHM / cPanel server.


Configuring cPanel ModSecurity with Atomic ModSecurity Rules | UKHost4u Blog

I am more than happy for people to use this information or provide this link to other people who might find this useful.

UK Web Hosting | Dedicated server & VPS hosting | UKHost4u
 
A

Archmactrix

Well-Known Member
Jan 20, 2012
138
2
68
cPanel Access Level
Root Administrator
Thank you for the great guide!

How do I modify the modsec2.user.conf file when adding the content to the file?

This one here:
Code: 
SecPcreMatchLimit 50000
 SecPcreMatchLimitRecursion 50000
 SecRequestBodyAccess On
 SecResponseBodyAccess On
 SecResponseBodyMimeType (null) text/html text/plain text/xml
 SecResponseBodyLimit 220621440
 SecServerSignature Apache
 SecUploadDir /var/asl/data/suspicious
 SecUploadKeepFiles Off
 SecAuditLogParts ABIFHZ
 SecArgumentSeparator "&"
 SecCookieFormat 0
 SecRequestBodyLimit 220621440
 SecRequestBodyInMemoryLimit 220621440
 LimitRequestBody 0
 LimitRequestBody 25097152
 SecDataDir /var/asl/data/msa
 SecTmpDir /tmp
 SecAuditLogStorageDir /var/asl/data/audit
 SecResponseBodyLimitAction ProcessPartial
 # ConfigServer ModSecurity whitelist file
 Include /usr/local/apache/conf/modsec2.whitelist.conf
# ASL/GOTROOT Rules
 Include /usr/local/apache/conf/modsec_rules/*asl*.conf
 
Last edited:
ukhost4u

ukhost4u

Active Member
PartnerNOC
Apr 24, 2003
42
0
156
Hello.

The easiest way to do this would be in WHM under -> Plugins -> Mod Security

I would suggest restarting Apache after doing this to make sure the configuration works.
 
A

Archmactrix

Well-Known Member
Jan 20, 2012
138
2
68
cPanel Access Level
Root Administrator
Thank you for the reply!

I meant how should I add these lines to the modsec2.user.conf.

Should I add the lines together with existing lines, or should I remove them before adding the new lines? :eek:

If I should add them together with existing lines, where should I add them?
 
ukhost4u

ukhost4u

Active Member
PartnerNOC
Apr 24, 2003
42
0
156
Hello.

Sorry I maybe didn't understand your question. You want to replace the current content with these lines, as you don't need to use the default configuration any more.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
Spirogg In Progress CPANEL-40511 - SSL/TLS CONFIGURATION - how can we configure hostname SSL/TLS Configuration to RSA, 4,096-bit Security 4
M The MySQL service is currently configured to listen on all interfaces: (bind-address=*) Security 2
W How to configure to only accept x ips on 80/443 ports Security 3
S [Error] Https redirect is not available because your server is not configured to support it Security 3
I OpenSSL/1.1.1g mod_bwlimited/1.4 configured Security 1
Similar threads
In Progress CPANEL-40511 - SSL/TLS CONFIGURATION - how can we configure hostname SSL/TLS Configuration to RSA, 4,096-bit
The MySQL service is currently configured to listen on all interfaces: (bind-address=*)
How to configure to only accept x ips on 80/443 ports
[Error] Https redirect is not available because your server is not configured to support it
OpenSSL/1.1.1g mod_bwlimited/1.4 configured
Top Bottom