The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Howto Install mod_security

Discussion in 'Data Protection' started by free-admin, Jan 25, 2009.

  1. free-admin

    free-admin Member

    Jan 16, 2009
    Likes Received:
    Trophy Points:
    Hello all.

    Howto Install mod_security on WHM?:confused:
  2. free-admin

    free-admin Member

    Jan 16, 2009
    Likes Received:
    Trophy Points:
    I'm sorry I didn't notice a button on easyapache :D
  3. atilimmedya

    atilimmedya Member

    Aug 20, 2006
    Likes Received:
    Trophy Points:
    1. Login to your server through SSH and su to the root user.

    2. First your going to start out by grabbing the latest version of mod_security

    3. Next we untar the archive and cd into the directory:
    tar zxvf mod_security-1.7.4.tar.gz
    cd mod_security-1.7.4/

    4. Now you need to determine which version of apache you use:
    APACHE 1.3.x users
    cd apache1/
    APACHE 2.x users
    cd apache2/

    5. Lets Compile the module now:
    /usr/local/apache/bin/apxs -cia mod_security.c

    6. Ok, now its time to edit the httpd conf file. First we will make a backup just incase something goes wrong:
    cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup

    7. Now that we have backed it all up, we can edit the httpd.conf. Replace pico with nano depending on what you have
    pico /usr/local/apache/conf/httpd.conf

    8. Lets look for something in the config, do this by holding control and pressing W and you are going to search for

    <IfModule mod_dir.c> (altho any of the IfModules would work fine)

    9. Now add this

    <IfModule mod_security.c>
    # Turn the filtering engine On or Off
    SecFilterEngine On

    # Change Server: string
    SecServerSignature " "

    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On

    # This setting should be set to On only if the Web site is
    # using the Unicode encoding. Otherwise it may interfere with
    # the normal Web site operation.
    SecFilterCheckUnicodeEncoding Off

    # Only allow bytes from this range
    SecFilterForceByteRange 1 255

    # The audit engine works independently and
    # can be turned On of Off on the per-server or
    # on the per-directory basis. "On" will log everything,
    # "DynamicOrRelevant" will log dynamic requests or violations,
    # and "RelevantOnly" will only log policy violations
    SecAuditEngine RelevantOnly

    # The name of the audit log file
    SecAuditLog /var/log/httpd/audit_log

    # Should mod_security inspect POST payloads
    SecFilterScanPOST On

    # Action to take by default
    SecFilterDefaultAction "deny,log,status:500"

    # Require HTTP_USER_AGENT and HTTP_HOST in all requests
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Prevent path traversal (..) attacks
    SecFilter "../"

    # Weaker XSS protection but allows common HTML tags
    SecFilter "<[[:space:]]*script"

    # Prevent XSS atacks (HTML/Javascript injection)
    SecFilter "<(.|n)+>"

    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"

    # Protecting from XSS attacks through the PHP session cookie
    SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

    10. Save the file Ctrl + X then Y

    11. Restart Apache

    /etc/rc.d/init.d/httpd stop
    /etc/rc.d/init.d/httpd start

    You've successfully installed mod_security!
  4. abhi8404

    abhi8404 Registered

    Feb 5, 2009
    Likes Received:
    Trophy Points:
    thanks for the excellent information

Share This Page