Is my mod_security (installed with easyapache) working at all? How to test?

[SuperBaby]

I installed mod_security via WHM >> Easyapache and let it ran for a few days. I checked the log and there is no entries at all.

QUESTION 1: I checked the httpd.conf file and search for the word "mod_security" and "mod_sec". No such word found. Is mod_security loaded at all? Am I supposed to see some loading codes about mod_security in httpd.conf?

I installed Configserver Modsec Control and it is working fine.

I installed Configserver Security & Firewall and it shows that mod_security is installed.

QUESTION 2: How can I tell if mod_security is working at all? I tried to point to http://mydomain.com/test.php?secret_file=/etc/passwd from the browser and it gave a PAGE NOT FOUND error instead of FORBIDDEN error. Does that mean mod_security is not working?

 

[SuperBaby]

Just found the solution:

Go to WHM >> Plugins >> ConfigServer ModSec Control >> ConfigServer ModSecurity Tools
- Select "modsec2.user.conf", save the page without changing anything.

This will add a new line to httpd.conf:

Include "/usr/local/apache/conf/modsec2.conf"

- - - Updated - - -

Test using browser by pointing to:

http://mydomain.com/test.php?secret_file=/etc/passwd

Not Implemented

GET to /test.php not supported.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

[24x7server]

It is nice to hear that you have got your solution, BTW the best practice which I would recommend you to use rules of gotroot/atomic or ConfigServer for mod_security as they both are very good.

 

[cPanelMichael]

Hello

Mod_Security is enabled automatically after you select it and build Apache via EasyApache. Assuming no third-party applications are installed to manage it, you can mange it's rules at:

"WHM >> Plugins >> Mod_Security"

You will typically see a "406" error code in the Apache error log when Mod_Security blocks a request.

Thank you.