Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Is my mod_security (installed with easyapache) working at all? How to test?

Discussion in 'Security' started by SuperBaby, Aug 3, 2013.

  1. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    I installed mod_security via WHM >> Easyapache and let it ran for a few days. I checked the log and there is no entries at all.

    QUESTION 1: I checked the httpd.conf file and search for the word "mod_security" and "mod_sec". No such word found. Is mod_security loaded at all? Am I supposed to see some loading codes about mod_security in httpd.conf?

    I installed Configserver Modsec Control and it is working fine.

    I installed Configserver Security & Firewall and it shows that mod_security is installed.

    QUESTION 2: How can I tell if mod_security is working at all? I tried to point to http://mydomain.com/test.php?secret_file=/etc/passwd from the browser and it gave a PAGE NOT FOUND error instead of FORBIDDEN error. Does that mean mod_security is not working?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 SuperBaby, Aug 3, 2013
    Last edited: Aug 3, 2013
  2. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    Just found the solution:

    Go to WHM >> Plugins >> ConfigServer ModSec Control >> ConfigServer ModSecurity Tools
    - Select "modsec2.user.conf", save the page without changing anything.

    This will add a new line to httpd.conf:

    Include "/usr/local/apache/conf/modsec2.conf"

    - - - Updated - - -

    Test using browser by pointing to:

    http://mydomain.com/test.php?secret_file=/etc/passwd

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,817
    Likes Received:
    84
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    It is nice to hear that you have got your solution, BTW the best practice which I would recommend you to use rules of gotroot/atomic or ConfigServer for mod_security as they both are very good.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,961
    Likes Received:
    1,821
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    Mod_Security is enabled automatically after you select it and build Apache via EasyApache. Assuming no third-party applications are installed to manage it, you can mange it's rules at:

    "WHM >> Plugins >> Mod_Security"

    You will typically see a "406" error code in the Apache error log when Mod_Security blocks a request.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice