The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

EasyApache4 and mod Security

Discussion in 'EasyApache' started by jimlongo, Mar 23, 2016.

  1. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    145
    Likes Received:
    2
    Trophy Points:
    18
    The documentation says We strongly recommend that you do not use Include directives in the modsec2.user.conf file. When you convert to EasyApache 4, the system comments out any Include directives and you must manually verify the paths.

    Can you explain exactly what "manually" refers to.
    I have the Atomic Rules, how do I properly include them.

    Are the vendor supplied OWASP rules as good?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    This means that once you convert to EasyApache 4, you have to open the following file:

    Code:
    /etc/apache2/conf.d/modsec2.user.conf
    Any include directories that you had previously added will be commented out (The line starts with a # symbol). You have to manually edit the file and remove that symbol for each include after verifying the path is correct.

    Thank you.
     
  3. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    145
    Likes Received:
    2
    Trophy Points:
    18
    My file is now empty except for the whitelist.conf include.
    But there is a user.conf.rpmsave file that is the old file.

    Code:
    SecRequestBodyAccess On
    #SecAuditLogType Concurrent
    SecAuditLogType Serial
    SecResponseBodyAccess On
    SecResponseBodyMimeType (null) text/html text/plain text/xml
    SecResponseBodyLimit 2621440
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecServerSignature Apache
    SecUploadDir /var/asl/data/suspicious
    SecUploadKeepFiles Off
    SecAuditLogParts ABIFHZ
    SecArgumentSeparator "&"
    SecCookieFormat 0
    SecRequestBodyInMemoryLimit 131072
    SecDataDir /var/asl/data/msa
    SecTmpDir /tmp
    SecAuditLogStorageDir /var/asl/data/audit
    SecResponseBodyLimitAction ProcessPartial
    
    # Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
    # Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
    # Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
    # Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
    # Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
    # Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
    # Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf
    
    
    
    # Include /usr/local/apache/conf/modsec2.whitelist.conf
    Should I uncomment all the includes, and copy all of that to the new user.conf file?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You should not have to make any adjustments before converting to EasyApache 4 because your one include line is already commented out. The Mod Security tool options in Web Host Manager are still available when using EasyApache 4 so you can manage your rulesets.

    Thank you.
     
  5. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    145
    Likes Received:
    2
    Trophy Points:
    18
    Do you mean the ModSecurity Vendors panel?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The "WHM >> Security Center >> Mod Security Tools" option allows you to edit your rules, however the following options are available in Web Host Manager with EasyApache 4 just as they are with EasyApache 3:

    ModSecurity Configuration - Documentation - cPanel Documentation
    ModSecurity Tools - Documentation - cPanel Documentation
    ModSecurity Vendors - Documentation - cPanel Documentation

    The "Include Directives" is what's referenced in the document for updating to EasyApache 4. The other configuration values should convert over. The information you provided suggests your Mod_Security rules should successfully convert over to EasyApache 4.

    Thank you.
     
Loading...

Share This Page