Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Howto Install mod_security

Discussion in 'Data Protection' started by free-admin, Jan 25, 2009.

  1. free-admin

    free-admin Member

    Jan 16, 2009
    Likes Received:
    Trophy Points:
    Hello all.

    Howto Install mod_security on WHM?:confused:
  2. free-admin

    free-admin Member

    Jan 16, 2009
    Likes Received:
    Trophy Points:
    I'm sorry I didn't notice a button on easyapache :D
  3. atilimmedya

    atilimmedya Member

    Aug 20, 2006
    Likes Received:
    Trophy Points:
    1. Login to your server through SSH and su to the root user.

    2. First your going to start out by grabbing the latest version of mod_security

    3. Next we untar the archive and cd into the directory:
    tar zxvf mod_security-1.7.4.tar.gz
    cd mod_security-1.7.4/

    4. Now you need to determine which version of apache you use:
    APACHE 1.3.x users
    cd apache1/
    APACHE 2.x users
    cd apache2/

    5. Lets Compile the module now:
    /usr/local/apache/bin/apxs -cia mod_security.c

    6. Ok, now its time to edit the httpd conf file. First we will make a backup just incase something goes wrong:
    cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup

    7. Now that we have backed it all up, we can edit the httpd.conf. Replace pico with nano depending on what you have
    pico /usr/local/apache/conf/httpd.conf

    8. Lets look for something in the config, do this by holding control and pressing W and you are going to search for

    <IfModule mod_dir.c> (altho any of the IfModules would work fine)

    9. Now add this

    <IfModule mod_security.c>
    # Turn the filtering engine On or Off
    SecFilterEngine On

    # Change Server: string
    SecServerSignature " "

    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On

    # This setting should be set to On only if the Web site is
    # using the Unicode encoding. Otherwise it may interfere with
    # the normal Web site operation.
    SecFilterCheckUnicodeEncoding Off

    # Only allow bytes from this range
    SecFilterForceByteRange 1 255

    # The audit engine works independently and
    # can be turned On of Off on the per-server or
    # on the per-directory basis. "On" will log everything,
    # "DynamicOrRelevant" will log dynamic requests or violations,
    # and "RelevantOnly" will only log policy violations
    SecAuditEngine RelevantOnly

    # The name of the audit log file
    SecAuditLog /var/log/httpd/audit_log

    # Should mod_security inspect POST payloads
    SecFilterScanPOST On

    # Action to take by default
    SecFilterDefaultAction "deny,log,status:500"

    # Require HTTP_USER_AGENT and HTTP_HOST in all requests
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Prevent path traversal (..) attacks
    SecFilter "../"

    # Weaker XSS protection but allows common HTML tags
    SecFilter "<[[:space:]]*script"

    # Prevent XSS atacks (HTML/Javascript injection)
    SecFilter "<(.|n)+>"

    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"

    # Protecting from XSS attacks through the PHP session cookie
    SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

    10. Save the file Ctrl + X then Y

    11. Restart Apache

    /etc/rc.d/init.d/httpd stop
    /etc/rc.d/init.d/httpd start

    You've successfully installed mod_security!
  4. abhi8404

    abhi8404 Registered

    Feb 5, 2009
    Likes Received:
    Trophy Points:
    thanks for the excellent information

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice