mod_security plugin not seeing log file?

BigBirdy

Active Member
Jun 10, 2007
28
0
151
I am running mod_security on a couple of sites running RHEL5 and the latest cpanel/whm. However, looking at the mod_security plugin in whm, there is nothing showing in spite of getting some things blocked by mod_security? Maybe I need to point the plugin to the correct mod_security log file location.

Below are my settings for mod_security in httpd.conf.

<IfModule mod_security.c>
# Turn the filtering engine On/Off
SecFilterEngine On

# Modify your Server Signature, or turn it off by setting it to empty string.
SecServerSignature "Keep Looking!!"

# Enforce URL encoding validation
SecFilterCheckURLEncoding On

# Unicode Encoding Validation
SecFilterCheckUnicodeEncoding Off

# Byte range
SecFilterForceByteRange 1 255

# The audit engine can be turned On of Off on the per server or
# per directory basis. "On" will log everything, "DynamicOrRelevant"
# will only log dynamic requests or violations, and "RelevantOnly"
# will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog /var/log/httpd/modsecurity_audit_log

# Whether the mod_security should inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:500"

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Prevent path traversal (..) attacks
SecFilter "../"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# Prevent XSS atacks (HTML/Javascript injection)
SecFilter "<(.|n)+>"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
</IfModule>
 

docbreed

Well-Known Member
Jul 18, 2005
57
0
156
Same here.. last entry displayed here is from 2007-06-04 but has been working because i am receiving notices from csf via email.

--Jeremy
 

Website Rob

Well-Known Member
Mar 23, 2002
1,504
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
We've only upgraded one Server to v11 but upon doing so, mod_sec which worked just fine previously showed last log date of 2006. Had to uninstall/reinstall to get it working right again.

Make sure to have a backup of your Rules so you can paste them in again.


Also, found it was a good idea to reinstall cPanel Pro as well. Perhaps it goes without saying that all previously installed Modules should be reinstalled?

Note: v11 calls them Plugins whereas previous cPanel versions called them "Addon Modules", in case anyone was wondering. ;)