Is my mod_security (installed with easyapache) working at all? How to test?

SuperBaby

Well-Known Member
Nov 27, 2003
343
0
166
Thailand
cPanel Access Level
Website Owner
Twitter
I installed mod_security via WHM >> Easyapache and let it ran for a few days. I checked the log and there is no entries at all.

QUESTION 1: I checked the httpd.conf file and search for the word "mod_security" and "mod_sec". No such word found. Is mod_security loaded at all? Am I supposed to see some loading codes about mod_security in httpd.conf?

I installed Configserver Modsec Control and it is working fine.

I installed Configserver Security & Firewall and it shows that mod_security is installed.

QUESTION 2: How can I tell if mod_security is working at all? I tried to point to http://mydomain.com/test.php?secret_file=/etc/passwd from the browser and it gave a PAGE NOT FOUND error instead of FORBIDDEN error. Does that mean mod_security is not working?
 
Last edited:

SuperBaby

Well-Known Member
Nov 27, 2003
343
0
166
Thailand
cPanel Access Level
Website Owner
Twitter
Just found the solution:

Go to WHM >> Plugins >> ConfigServer ModSec Control >> ConfigServer ModSecurity Tools
- Select "modsec2.user.conf", save the page without changing anything.

This will add a new line to httpd.conf:

Include "/usr/local/apache/conf/modsec2.conf"

- - - Updated - - -

Test using browser by pointing to:

http://mydomain.com/test.php?secret_file=/etc/passwd

Not Implemented

GET to /test.php not supported.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
 

24x7server

Well-Known Member
Apr 17, 2013
1,907
95
78
India
cPanel Access Level
Root Administrator
It is nice to hear that you have got your solution, BTW the best practice which I would recommend you to use rules of gotroot/atomic or ConfigServer for mod_security as they both are very good.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

Mod_Security is enabled automatically after you select it and build Apache via EasyApache. Assuming no third-party applications are installed to manage it, you can mange it's rules at:

"WHM >> Plugins >> Mod_Security"

You will typically see a "406" error code in the Apache error log when Mod_Security blocks a request.

Thank you.