Configure cPanel's Mod Security with Atomic Corp Rules

ukhost4u

Active Member
PartnerNOC
Apr 24, 2003
42
0
156
Hello.

We have recently found the default rules of Mod Security which ships with cPanel to be very poor and not provide a good level of security.

As such we have been trying for a while to find a good way to way to use more advanced rules and as we never found any good guide to this so we decided to build our own.

I wanted to post a link here as I think this will be a very useful guide and help people wanting to add extra security to there WHM / cPanel server.


Configuring cPanel ModSecurity with Atomic ModSecurity Rules | UKHost4u Blog

I am more than happy for people to use this information or provide this link to other people who might find this useful.

UK Web Hosting | Dedicated server & VPS hosting | UKHost4u
 

Archmactrix

Well-Known Member
Jan 20, 2012
138
2
68
cPanel Access Level
Root Administrator
Thank you for the great guide!

How do I modify the modsec2.user.conf file when adding the content to the file?

This one here:
Code:
SecPcreMatchLimit 50000
 SecPcreMatchLimitRecursion 50000
 SecRequestBodyAccess On
 SecResponseBodyAccess On
 SecResponseBodyMimeType (null) text/html text/plain text/xml
 SecResponseBodyLimit 220621440
 SecServerSignature Apache
 SecUploadDir /var/asl/data/suspicious
 SecUploadKeepFiles Off
 SecAuditLogParts ABIFHZ
 SecArgumentSeparator "&"
 SecCookieFormat 0
 SecRequestBodyLimit 220621440
 SecRequestBodyInMemoryLimit 220621440
 LimitRequestBody 0
 LimitRequestBody 25097152
 SecDataDir /var/asl/data/msa
 SecTmpDir /tmp
 SecAuditLogStorageDir /var/asl/data/audit
 SecResponseBodyLimitAction ProcessPartial
 # ConfigServer ModSecurity whitelist file
 Include /usr/local/apache/conf/modsec2.whitelist.conf
# ASL/GOTROOT Rules
 Include /usr/local/apache/conf/modsec_rules/*asl*.conf
 
Last edited:

ukhost4u

Active Member
PartnerNOC
Apr 24, 2003
42
0
156
Hello.

The easiest way to do this would be in WHM under -> Plugins -> Mod Security

I would suggest restarting Apache after doing this to make sure the configuration works.
 

Archmactrix

Well-Known Member
Jan 20, 2012
138
2
68
cPanel Access Level
Root Administrator
Thank you for the reply!

I meant how should I add these lines to the modsec2.user.conf.

Should I add the lines together with existing lines, or should I remove them before adding the new lines? :eek:

If I should add them together with existing lines, where should I add them?
 

ukhost4u

Active Member
PartnerNOC
Apr 24, 2003
42
0
156
Hello.

Sorry I maybe didn't understand your question. You want to replace the current content with these lines, as you don't need to use the default configuration any more.