The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is my mod_security (installed with easyapache) working at all? How to test?

Discussion in 'Security' started by SuperBaby, Aug 3, 2013.

  1. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    I installed mod_security via WHM >> Easyapache and let it ran for a few days. I checked the log and there is no entries at all.

    QUESTION 1: I checked the httpd.conf file and search for the word "mod_security" and "mod_sec". No such word found. Is mod_security loaded at all? Am I supposed to see some loading codes about mod_security in httpd.conf?

    I installed Configserver Modsec Control and it is working fine.

    I installed Configserver Security & Firewall and it shows that mod_security is installed.

    QUESTION 2: How can I tell if mod_security is working at all? I tried to point to http://mydomain.com/test.php?secret_file=/etc/passwd from the browser and it gave a PAGE NOT FOUND error instead of FORBIDDEN error. Does that mean mod_security is not working?
     
    #1 SuperBaby, Aug 3, 2013
    Last edited: Aug 3, 2013
  2. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    Just found the solution:

    Go to WHM >> Plugins >> ConfigServer ModSec Control >> ConfigServer ModSecurity Tools
    - Select "modsec2.user.conf", save the page without changing anything.

    This will add a new line to httpd.conf:

    Include "/usr/local/apache/conf/modsec2.conf"

    - - - Updated - - -

    Test using browser by pointing to:

    http://mydomain.com/test.php?secret_file=/etc/passwd

     
  3. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    It is nice to hear that you have got your solution, BTW the best practice which I would recommend you to use rules of gotroot/atomic or ConfigServer for mod_security as they both are very good.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,830
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Mod_Security is enabled automatically after you select it and build Apache via EasyApache. Assuming no third-party applications are installed to manage it, you can mange it's rules at:

    "WHM >> Plugins >> Mod_Security"

    You will typically see a "406" error code in the Apache error log when Mod_Security blocks a request.

    Thank you.
     
Loading...

Share This Page