mod_security not working

Jeff P.

Hello, I have the below setup and mod_sec doesn't appear to be working. I tried reprovisioning and even manually removing files and reinstalling.

Any help would be appreciated!

OS: CENTOS 7.9 kvm
cPanel Ver: v98.0.8

Apache 2.4
  • config
  • config-runtime
  • mod_buffer
  • mod_bw
  • mod_bwlimited
  • mod_cgi
  • mod_deflate
  • mod_env
  • mod_expires
  • mod_headers
  • mod_mime_magic
  • mod_mpm_prefork
  • mod_proxy
  • mod_proxy_http
  • mod_proxy_wstunnel
  • mod_security2
  • mod_ssl
  • mod_suexec
  • mod_suphp
  • mod_unique_id
  • tools
PHP 8.0
  • libc-client
  • pear
  • php80-php-fpm
  • php-bcmath
  • php-calendar
  • php-cli
  • php-common
  • php-curl
  • php-devel
  • php-ftp
  • php-gd
  • php-iconv
  • php-imap
  • php-litespeed
  • php-mbstring
  • php-mysqlnd
  • php-pdo
  • php-posix
  • php-soap
  • php-sockets
  • php-xml
  • php-zip
  • runtime
Additional Packages
  • apr
  • apr-util
  • brotli
  • cpanel-tools
  • documentroot
  • libargon2
  • libcurl
  • libnghttp2
  • libxml2
  • libzip
  • modsec-sdbm-util
  • modsec2-rules-owasp-crs
  • nghttp2
  • oniguruma
  • oniguruma-devel
  • openssl11
  • php-cli
  • php-cli-lsphp
  • profiles-cpanel

Jeff P.

I did many times, nothing happened and our server gets plenty of traffic, but I have empty logs.
 

kdean

On the off chance this helps. About a year ago, my ModSecurity that had been previously working all of a sudden stopped working.

While investigating I discovered that /etc/apache2/conf.d/modsec/modsec2.cpanel.conf was empty and I was pretty sure it wasn't supposed to be empty and I never touched it.

So, I went to WHM > Security Center > ModSecurity™ Configuration.

I figured maybe if I just resave the config here but Save is greyed out unless you make a change. So, I changed "Connections Engine" to "Process the rules" and saved and then set it back to "Do not process the rules" and saved.

Now the modsec2.cpanel.conf had content in it again and my user rules and atomicorp rules started working and logging again.

So check that particular file to make sure it's not empty just in case since it can stop the whole thing from working.
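
The empty-file check described in the post above, as an added example that is not part of the thread and not cPanel's own tooling: a POSIX shell helper that flags a ModSecurity include that is missing or contains no active directives, and reports the `SecRuleEngine` value if one is set. The function names and the sample files are constructed for illustration; whether `SecRuleEngine` lives in this particular file on a given server is an assumption.

```shell
#!/bin/sh
# Added example: detect a ModSecurity include that silently disables the WAF.

# Count lines that are neither blank nor comments.
active_directives() {
    awk 'NF > 0 && $1 !~ /^#/ { n++ } END { print n + 0 }' "$1"
}

# Last SecRuleEngine value in the file, or "unset" if the directive is absent.
rule_engine_mode() {
    awk 'tolower($1) == "secruleengine" { v = $2 }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Exit status: 0 = has directives, 1 = empty or comments only, 2 = missing.
check_modsec_conf() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING  $f"; return 2
    fi
    if [ "$(active_directives "$f")" -eq 0 ]; then
        echo "EMPTY    $f (no active directives)"; return 1
    fi
    echo "OK       $f (SecRuleEngine: $(rule_engine_mode "$f"))"
}

# Demo on constructed files; on a server pass the real path instead, e.g.
#   check_modsec_conf /etc/apache2/conf.d/modsec/modsec2.cpanel.conf
demo() {
    d=$(mktemp -d)
    : > "$d/empty.conf"
    printf '# placeholder\n\n' > "$d/comments.conf"
    printf 'SecAuditEngine RelevantOnly\nSecRuleEngine On\n' > "$d/good.conf"
    for c in empty comments good absent; do
        check_modsec_conf "$d/$c.conf" || :
    done
    rm -rf "$d"
}
demo
```

Run from cron or a monitoring agent, a non-zero exit status from `check_modsec_conf` is a signal that the WAF configuration needs attention even though Apache itself is still serving traffic.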