mod_security plugin not seeing log file?

Discussion in 'Security' started by BigBirdy, Aug 6, 2007.

  1. BigBirdy

    BigBirdy Active Member

    Jun 10, 2007
    I am running mod_security on a couple of sites running RHEL5 and the latest cPanel/WHM. However, looking at the mod_security plugin in WHM, there is nothing showing, in spite of getting some things blocked by mod_security. Maybe I need to point the plugin to the correct mod_security log file location?

    Below are my settings for mod_security in httpd.conf.

    <IfModule mod_security.c>
    # Turn the filtering engine On/Off
    SecFilterEngine On

    # Modify your Server Signature, or turn it off by setting it to empty string.
    SecServerSignature "Keep Looking!!"

    # Enforce URL encoding validation
    SecFilterCheckURLEncoding On

    # Unicode Encoding Validation
    SecFilterCheckUnicodeEncoding Off

    # Byte range
    SecFilterForceByteRange 1 255

    # The audit engine can be turned On or Off on the per server or
    # per directory basis. "On" will log everything, "DynamicOrRelevant"
    # will only log dynamic requests or violations, and "RelevantOnly"
    # will only log policy violations
    SecAuditEngine RelevantOnly

    # The name of the audit log file
    SecAuditLog /var/log/httpd/modsecurity_audit_log

    # Whether the mod_security should inspect POST payloads
    SecFilterScanPOST On

    # Action to take by default
    SecFilterDefaultAction "deny,log,status:500"

    # Require HTTP_USER_AGENT and HTTP_HOST in all requests
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Prevent path traversal (..) attacks
    SecFilter "\.\./"

    # Weaker XSS protection but allows common HTML tags
    SecFilter "<[[:space:]]*script"

    # Prevent XSS attacks (HTML/Javascript injection)
    SecFilter "<(.|\n)+>"

    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"

    # Protecting from XSS attacks through the PHP session cookie
    SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
    </IfModule>
  2. docbreed

    docbreed Well-Known Member

    Jul 18, 2005
    Same here. The last entry displayed here is from 2007-06-04, but it has been working because I am receiving notices from csf via email.

  3. Website Rob

    Website Rob Well-Known Member

    Mar 23, 2002
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    We've only upgraded one Server to v11, but upon doing so, mod_sec, which worked just fine previously, showed a last log date of 2006. Had to uninstall/reinstall to get it working right again.

    Make sure to have a backup of your Rules so you can paste them in again.

    Also, found it was a good idea to reinstall cPanel Pro as well. Perhaps it goes without saying that all previously installed Modules should be reinstalled?

    Note: v11 calls them Plugins whereas previous cPanel versions called them "Addon Modules", in case anyone was wondering. ;)
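
A quick way to check the log location question raised in the first post, as an added example that is not part of the original thread or of cPanel's tooling: it reads the `SecAuditLog` path out of an Apache config file and reports whether that file exists and has data, so the result can be compared with what the WHM plugin shows. The function names are hypothetical, the demo input is constructed, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: find where mod_security is configured to write its audit
# log and whether that file is actually being written.

# Print every SecAuditLog path in an Apache config file
# (commented-out lines skipped, optional quotes stripped).
audit_log_paths() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "secauditlog" {
            p = $2
            gsub(/^"|"$/, "", p)
            print p
        }' "$1"
}

# Classify one log path: missing, unreadable, empty, or has-data.
audit_log_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -r "$1" ]; then echo unreadable
    elif [ ! -s "$1" ]; then echo empty
    else echo has-data
    fi
}

# One line per configured log: "<state> <path>".
audit_log_report() {
    paths=$(audit_log_paths "$1")
    if [ -z "$paths" ]; then
        echo "no-directive $1"
        return 1
    fi
    echo "$paths" | while IFS= read -r p; do
        echo "$(audit_log_state "$p") $p"
    done
}

# Demo on constructed input: a config fragment pointing at a temp log file.
demo() {
    d=$(mktemp -d)
    printf '# SecAuditLog /old/path\nSecAuditLog "%s/audit_log"\n' "$d" > "$d/httpd.conf"
    audit_log_report "$d/httpd.conf"    # log not created yet
    echo "entry" > "$d/audit_log"
    audit_log_report "$d/httpd.conf"    # log now has data
    rm -rf "$d"
}
demo
```

On a real server, call `audit_log_report` with the path to the httpd.conf that holds the mod_security settings.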