Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_security best rules

Discussion in 'Security' started by webstyler, Jan 26, 2010.

  1. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    Hello

    after mod_security installation throught easyapache the rules configuration is empty

    so, what think is good rules to download and set for hosting server ?

    On other server a sysadmin have set in WHM > modesecurity config :

    <IfModule mod_security2.c>
    Include /usr/local/apache/conf/rul_modsec/*.conf
    </IfModule>

    any suggest about this or other rules project ?

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 webstyler, Jan 26, 2010
  2. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 ModServ, Jan 30, 2010
  3. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    Hello

    We have installed rules

    File modsec2.user.conf is ok:

    Include /usr/local/apache/modsecurity.d/*asl*.conf
    Include /usr/local/apache/modsecurity.d/exclude.conf

    BUT there is nothing filtered on more than 10 days.. impossible

    How we can make simple test ?

    We have already restart apache, all works fine except mod_security :(

    any suggest ?

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 webstyler, Feb 11, 2010
  4. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Hello,

    Check the log:

    tail -fv /usr/local/apache/logs/modsec_audit.log
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 ModServ, Feb 11, 2010
  5. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    uhm..

    only 1 row and with
    .. "GET /robots.txt HTTP/1.1" 500 67 ..

    nothing other :/
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 webstyler, Feb 12, 2010
    Last edited: Feb 12, 2010
  6. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    we have check the mysql table of modsec and is empty :(
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 webstyler, Feb 12, 2010
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,342
    Likes Received:
    402
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Assuming there is some sort of configuration issue with your added rulesets, try this to see if we can get you going at least.

    In WHM, very bottom of left menu find Mod Security and click.
    Top of the page that opens, there should be a button here titled Edit Config, click it.
    Next page you should see some links at top. Is the box below empty? At top of page click Default Configuration and automagically fill the box.

    Now Click Save Configuration. Restart Apache for good measure.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 Infopro, Feb 12, 2010
  8. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166

    WHM Config have value of modsec2.user :

    Include /usr/local/apache/modsecurity.d/*asl*.conf
    Include /usr/local/apache/modsecurity.d/exclude.conf
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 webstyler, Feb 13, 2010
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,342
    Likes Received:
    402
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yes I know, you mention it earlier on in the thread.

    Did you populate the the box as I described above?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #9 Infopro, Feb 13, 2010
(You must log in or sign up to post here.)
Loading...
Similar Threads - mod_security best rules
  1. subtopic

    OWASP mod_security breaking Wordpress page save

    subtopic, Sep 18, 2018 at 2:27 PM, in forum: Security
    Replies:
    4
    Views:
    82
    subtopic
    Sep 20, 2018 at 2:56 PM
  2. subtopic

    OWASP mod_security to help /tmp execution

    subtopic, Sep 18, 2018 at 12:32 PM, in forum: Security
    Replies:
    1
    Views:
    40
    cPanelLauren
    Sep 19, 2018 at 3:10 PM
  3. Pratyush Rohilla

    SOLVED Error when installing mod_security via WHM >> EA4

    Pratyush Rohilla, Sep 16, 2018, in forum: EasyApache
    Replies:
    1
    Views:
    34
    cPanelMichael
    Sep 17, 2018 at 12:21 PM
  4. ottdev

    cPanel's implementation of Mod_Security

    ottdev, Aug 8, 2018, in forum: Security
    Replies:
    2
    Views:
    137
    cPanelLauren
    Aug 10, 2018
  5. mehdix92

    Mod_Security blocking WordPress logins

    mehdix92, Jun 13, 2018, in forum: Security
    Replies:
    3
    Views:
    365
    cPanelMichael
    Jun 14, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice