mod_sec with httpd-guardian

jeffschips

Well-Known Member
Jun 5, 2016
135
12
18
new york
cPanel Access Level
Root Administrator
Anybody have experience getting mod_sec to play nicely with http-guardian? There is a box in mod_sec configuration in which a user enters their path to http-guarding, which I've done. However, the instructions in the package are a bit confusing. It says you need to activate or install something called "spread" which is the transport for the data from the install to the perl modules for processing.

I don't want to fiddle with my Centos 6.9 whm/cpanel server without knowing more about installing this.

Any help much appreciated.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

I've not seen any reports from cPanel & WHM administrators regarding the use of this feature. I've moved this thread to our Security forum so that others that may have utilized this feature can offer their insight.

Thank you.
 

jeffschips

Well-Known Member
Jun 5, 2016
135
12
18
new york
cPanel Access Level
Root Administrator
Thanks where is the link to that forum? The very annoying thing is CPanel/WHM support say seek out advise from mod_sec forums and advisors, and the mod_sec people say seek out advise from CPanel/WHM. And of cousre the most annoying thing is that the developer of the scripts who advises people to contact him with his email embedded in the scripts, does not respond to queries. So there you have it - tech in the 21st. century.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello @jeffschips,

I'm referring to the Security category of the cPanel Forums. I moved this thread here to increase the chance that you will receive user-feedback, as typically issues and questions relating to Mod_Security are posted here.

The main difficulty you are going to encounter when attempting to setup Guardian Logging on your own is that it doesn't appear to be used by very many people. It's noted under the SecGuardianLog section at:

SpiderLabs/ModSecurity

However, I couldn't find any instances where someone reported using it. Could you provide some background information on the purpose you'd like to use it for? We might be able to offer some alternatives.

Thank you.
 

jeffschips

Well-Known Member
Jun 5, 2016
135
12
18
new york
cPanel Access Level
Root Administrator
Sure, appreciate the offer. I kind of liked the apache-tools set of tools for blocking on the firewall level, bots and such. Particularly HTTP-authenticaion failures of which I receive many. The httpd-guardian was attractive but I'm not wedded to it.

Does mod_sec have a method to ban - on the firewall level - these types of incursions?

Not deny, but block on the firewall.