The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security best rules

Discussion in 'Security' started by webstyler, Jan 26, 2010.

  1. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    432
    Likes Received:
    0
    Trophy Points:
    16
    Hello

    after mod_security installation throught easyapache the rules configuration is empty

    so, what think is good rules to download and set for hosting server ?

    On other server a sysadmin have set in WHM > modesecurity config :

    <IfModule mod_security2.c>
    Include /usr/local/apache/conf/rul_modsec/*.conf
    </IfModule>

    any suggest about this or other rules project ?

    Thanks
     
  2. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
  3. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    432
    Likes Received:
    0
    Trophy Points:
    16
    Hello

    We have installed rules

    File modsec2.user.conf is ok:

    Include /usr/local/apache/modsecurity.d/*asl*.conf
    Include /usr/local/apache/modsecurity.d/exclude.conf

    BUT there is nothing filtered on more than 10 days.. impossible

    How we can make simple test ?

    We have already restart apache, all works fine except mod_security :(

    any suggest ?

    Thanks
     
  4. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Hello,

    Check the log:

    tail -fv /usr/local/apache/logs/modsec_audit.log
     
  5. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    432
    Likes Received:
    0
    Trophy Points:
    16
    uhm..

    only 1 row and with
    .. "GET /robots.txt HTTP/1.1" 500 67 ..

    nothing other :/
     
    #5 webstyler, Feb 12, 2010
    Last edited: Feb 12, 2010
  6. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    432
    Likes Received:
    0
    Trophy Points:
    16
    we have check the mysql table of modsec and is empty :(
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,472
    Likes Received:
    200
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Assuming there is some sort of configuration issue with your added rulesets, try this to see if we can get you going at least.

    In WHM, very bottom of left menu find Mod Security and click.
    Top of the page that opens, there should be a button here titled Edit Config, click it.
    Next page you should see some links at top. Is the box below empty? At top of page click Default Configuration and automagically fill the box.

    Now Click Save Configuration. Restart Apache for good measure.
     
  8. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    432
    Likes Received:
    0
    Trophy Points:
    16

    WHM Config have value of modsec2.user :

    Include /usr/local/apache/modsecurity.d/*asl*.conf
    Include /usr/local/apache/modsecurity.d/exclude.conf
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,472
    Likes Received:
    200
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yes I know, you mention it earlier on in the thread.

    Did you populate the the box as I described above?
     
Loading...

Share This Page