mod security issue

[hostnex]

when we add the rule given below in mod security Apache stops working. We are using Apache 2.x .Can anyone help me to resolve the issue.

SecRule RESPONSE_BODY "<?" "deny,msg:'PHP source code
disclosure blocked'"

 

[cPanelMichael]

Hello

I recommend first reading the following document for information about using Mod_Security and implementing custom rules:

EasyApache - Mod_Security

Then, once you have ensured your rule is correctly formatted with a rule ID, check /usr/local/apache/logs/error_log for the specific error message associated with the rule you have added. Restarting Apache should also generate a specific error related to the rule.

Thank you.

 

[quizknows]

You need to ID the rule. Try this:

SecRule RESPONSE_BODY "<?" "deny,id:2000345,msg:'PHP source code disclosure blocked'"

 

[hostnex]

we arr trying to use the rules given in this post but getting error on Apache restart


http://forums.cpanel.net/f185/how-protect-my-sites-c99g-167630.html#post759582


Apache error

root@ [~]# /etc/init.d/httpd configtest
Syntax error on line 2 of /usr/local/apache/conf/modsec2.user.conf:
ModSecurity: Rules must have at least id action

 

[cPanelMichael]

That post is from 2011, and likely is intended for an earlier version of Mod_Security. Did you try the rule from user quizknows in the post before yours?

Thank you.

 

[hostnex]

is there any post on the cpanel forum from we can have some good mod security rules. Gotroot doesn't give free rules anymore

 

[cPanelMichael]

There is a thread on this with some alternatives at:

Atomic Corp No Longer Provides Free Rules

Thank you.