Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_security best rules

Discussion in 'Security' started by webstyler, Jan 26, 2010.

  1. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    Hello

    after mod_security installation throught easyapache the rules configuration is empty

    so, what think is good rules to download and set for hosting server ?

    On other server a sysadmin have set in WHM > modesecurity config :

    <IfModule mod_security2.c>
    Include /usr/local/apache/conf/rul_modsec/*.conf
    </IfModule>

    any suggest about this or other rules project ?

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 webstyler, Jan 26, 2010
  2. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 ModServ, Jan 30, 2010
  3. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    Hello

    We have installed rules

    File modsec2.user.conf is ok:

    Include /usr/local/apache/modsecurity.d/*asl*.conf
    Include /usr/local/apache/modsecurity.d/exclude.conf

    BUT there is nothing filtered on more than 10 days.. impossible

    How we can make simple test ?

    We have already restart apache, all works fine except mod_security :(

    any suggest ?

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 webstyler, Feb 11, 2010
  4. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Hello,

    Check the log:

    tail -fv /usr/local/apache/logs/modsec_audit.log
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 ModServ, Feb 11, 2010
  5. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    uhm..

    only 1 row and with
    .. "GET /robots.txt HTTP/1.1" 500 67 ..

    nothing other :/
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 webstyler, Feb 12, 2010
    Last edited: Feb 12, 2010
  6. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    we have check the mysql table of modsec and is empty :(
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 webstyler, Feb 12, 2010
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,235
    Likes Received:
    384
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Assuming there is some sort of configuration issue with your added rulesets, try this to see if we can get you going at least.

    In WHM, very bottom of left menu find Mod Security and click.
    Top of the page that opens, there should be a button here titled Edit Config, click it.
    Next page you should see some links at top. Is the box below empty? At top of page click Default Configuration and automagically fill the box.

    Now Click Save Configuration. Restart Apache for good measure.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 Infopro, Feb 12, 2010
  8. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166

    WHM Config have value of modsec2.user :

    Include /usr/local/apache/modsecurity.d/*asl*.conf
    Include /usr/local/apache/modsecurity.d/exclude.conf
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 webstyler, Feb 13, 2010
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,235
    Likes Received:
    384
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yes I know, you mention it earlier on in the thread.

    Did you populate the the box as I described above?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #9 Infopro, Feb 13, 2010
(You must log in or sign up to post here.)
Loading...
Similar Threads - mod_security best rules
  1. mehdix92

    Mod_Security blocking WordPress logins

    mehdix92, Jun 13, 2018, in forum: Security
    Replies:
    3
    Views:
    185
    cPanelMichael
    Jun 14, 2018
  2. meeven

    Questions about enabling mod_security

    meeven, May 22, 2018, in forum: Security
    Replies:
    2
    Views:
    127
    meeven
    Jun 2, 2018
  3. urgido

    SOLVED SQlite mod_security corrupt

    urgido, May 12, 2018, in forum: Database Discussion
    Replies:
    5
    Views:
    127
    cPanelMichael
    May 15, 2018
  4. Nandulal

    Mod_security installation error

    Nandulal, May 12, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    98
    cPanelLauren
    May 14, 2018
  5. PabloC

    Problem with mod_security - can't edit WP's posts, get 404

    PabloC, Feb 26, 2018, in forum: Security
    Replies:
    3
    Views:
    208
    Infopro
    Feb 27, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice