Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_security best rules

Discussion in 'Security' started by webstyler, Jan 26, 2010.

  1. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    Hello

    after mod_security installation throught easyapache the rules configuration is empty

    so, what think is good rules to download and set for hosting server ?

    On other server a sysadmin have set in WHM > modesecurity config :

    <IfModule mod_security2.c>
    Include /usr/local/apache/conf/rul_modsec/*.conf
    </IfModule>

    any suggest about this or other rules project ?

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    Hello

    We have installed rules

    File modsec2.user.conf is ok:

    Include /usr/local/apache/modsecurity.d/*asl*.conf
    Include /usr/local/apache/modsecurity.d/exclude.conf

    BUT there is nothing filtered on more than 10 days.. impossible

    How we can make simple test ?

    We have already restart apache, all works fine except mod_security :(

    any suggest ?

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Hello,

    Check the log:

    tail -fv /usr/local/apache/logs/modsec_audit.log
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    uhm..

    only 1 row and with
    .. "GET /robots.txt HTTP/1.1" 500 67 ..

    nothing other :/
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 webstyler, Feb 12, 2010
    Last edited: Feb 12, 2010
  6. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    we have check the mysql table of modsec and is empty :(
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,342
    Likes Received:
    402
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Assuming there is some sort of configuration issue with your added rulesets, try this to see if we can get you going at least.

    In WHM, very bottom of left menu find Mod Security and click.
    Top of the page that opens, there should be a button here titled Edit Config, click it.
    Next page you should see some links at top. Is the box below empty? At top of page click Default Configuration and automagically fill the box.

    Now Click Save Configuration. Restart Apache for good measure.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166

    WHM Config have value of modsec2.user :

    Include /usr/local/apache/modsecurity.d/*asl*.conf
    Include /usr/local/apache/modsecurity.d/exclude.conf
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,342
    Likes Received:
    402
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yes I know, you mention it earlier on in the thread.

    Did you populate the the box as I described above?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice