The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security best rules

Discussion in 'Security' started by webstyler, Jan 26, 2010.

  1. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    Hello

    after mod_security installation throught easyapache the rules configuration is empty

    so, what think is good rules to download and set for hosting server ?

    On other server a sysadmin have set in WHM > modesecurity config :

    <IfModule mod_security2.c>
    Include /usr/local/apache/conf/rul_modsec/*.conf
    </IfModule>

    any suggest about this or other rules project ?

    Thanks
     
    #1 webstyler, Jan 26, 2010
  2. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    #2 ModServ, Jan 30, 2010
  3. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    Hello

    We have installed rules

    File modsec2.user.conf is ok:

    Include /usr/local/apache/modsecurity.d/*asl*.conf
    Include /usr/local/apache/modsecurity.d/exclude.conf

    BUT there is nothing filtered on more than 10 days.. impossible

    How we can make simple test ?

    We have already restart apache, all works fine except mod_security :(

    any suggest ?

    Thanks
     
    #3 webstyler, Feb 11, 2010
  4. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Hello,

    Check the log:

    tail -fv /usr/local/apache/logs/modsec_audit.log
     
    #4 ModServ, Feb 11, 2010
  5. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    uhm..

    only 1 row and with
    .. "GET /robots.txt HTTP/1.1" 500 67 ..

    nothing other :/
     
    #5 webstyler, Feb 12, 2010
    Last edited: Feb 12, 2010
  6. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    we have check the mysql table of modsec and is empty :(
     
    #6 webstyler, Feb 12, 2010
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,623
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Assuming there is some sort of configuration issue with your added rulesets, try this to see if we can get you going at least.

    In WHM, very bottom of left menu find Mod Security and click.
    Top of the page that opens, there should be a button here titled Edit Config, click it.
    Next page you should see some links at top. Is the box below empty? At top of page click Default Configuration and automagically fill the box.

    Now Click Save Configuration. Restart Apache for good measure.
     
    #7 Infopro, Feb 12, 2010
  8. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166

    WHM Config have value of modsec2.user :

    Include /usr/local/apache/modsecurity.d/*asl*.conf
    Include /usr/local/apache/modsecurity.d/exclude.conf
     
    #8 webstyler, Feb 13, 2010
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,623
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yes I know, you mention it earlier on in the thread.

    Did you populate the the box as I described above?
     
    #9 Infopro, Feb 13, 2010
(You must log in or sign up to post here.)
Loading...
Similar Threads - mod_security best rules
  1. Sametto Chan

    What is different mod_security and mod_security2?

    Sametto Chan, Aug 8, 2017, in forum: EasyApache
    Replies:
    3
    Views:
    83
    Sametto Chan
    Aug 8, 2017
  2. Jasleen

    Mod_Security with CRS

    Jasleen, May 30, 2017, in forum: Security
    Replies:
    9
    Views:
    208
    fuzzylogic
    May 31, 2017
  3. Nirjonadda

    Mod_Security Vendors

    Nirjonadda, Apr 16, 2017, in forum: Security
    Replies:
    3
    Views:
    262
    Nirjonadda
    Apr 17, 2017
  4. stevenvsi

    Unable to disable mod_security per domain in user interface

    stevenvsi, Apr 11, 2017, in forum: Security
    Replies:
    9
    Views:
    397
    cPanelMichael
    Apr 11, 2017
  5. caisc

    Mod_Security rule to mitigate constant GET and POST request attack

    caisc, Feb 25, 2017, in forum: Security
    Replies:
    6
    Views:
    357
    quizknows
    Mar 7, 2017

Share This Page