Is my mod_security (installed with easyapache) working at all? How to test?

SuperBaby

Well-Known Member
Nov 27, 2003
338
0
166
Thailand
cPanel Access Level
Website Owner
Twitter
I installed mod_security via WHM >> Easyapache and let it ran for a few days. I checked the log and there is no entries at all.

QUESTION 1: I checked the httpd.conf file and search for the word "mod_security" and "mod_sec". No such word found. Is mod_security loaded at all? Am I supposed to see some loading codes about mod_security in httpd.conf?

I installed Configserver Modsec Control and it is working fine.

I installed Configserver Security & Firewall and it shows that mod_security is installed.

QUESTION 2: How can I tell if mod_security is working at all? I tried to point to http://mydomain.com/test.php?secret_file=/etc/passwd from the browser and it gave a PAGE NOT FOUND error instead of FORBIDDEN error. Does that mean mod_security is not working?
 
Last edited:

SuperBaby

Well-Known Member
Nov 27, 2003
338
0
166
Thailand
cPanel Access Level
Website Owner
Twitter
Just found the solution:

Go to WHM >> Plugins >> ConfigServer ModSec Control >> ConfigServer ModSecurity Tools
- Select "modsec2.user.conf", save the page without changing anything.

This will add a new line to httpd.conf:

Include "/usr/local/apache/conf/modsec2.conf"

- - - Updated - - -

Test using browser by pointing to:

http://mydomain.com/test.php?secret_file=/etc/passwd

Not Implemented

GET to /test.php not supported.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,234
363
cPanel Access Level
DataCenter Provider
Twitter
Hello :)

Mod_Security is enabled automatically after you select it and build Apache via EasyApache. Assuming no third-party applications are installed to manage it, you can mange it's rules at:

"WHM >> Plugins >> Mod_Security"

You will typically see a "406" error code in the Apache error log when Mod_Security blocks a request.

Thank you.