Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_security plugin not seeing log file?

Discussion in 'Security' started by BigBirdy, Aug 6, 2007.

  1. BigBirdy

    BigBirdy Active Member

    Joined:
    Jun 10, 2007
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    151
    I am running mod_security on a couple of sites running RHEL5 and the latest cpanel/whm. However, looking at the mod_security plugin in whm, there is nothing showing in spite of getting some things blocked by mod_security? Maybe I need to point the plugin to the correct mod_security log file location.

    Below are my settings for mod_security in httpd.conf.

    <IfModule mod_security.c>
    # Turn the filtering engine On/Off
    SecFilterEngine On

    # Modify your Server Signature, or turn it off by setting it to empty string.
    SecServerSignature "Keep Looking!!"

    # Enforce URL encoding validation
    SecFilterCheckURLEncoding On

    # Unicode Encoding Validation
    SecFilterCheckUnicodeEncoding Off

    # Byte range
    SecFilterForceByteRange 1 255

    # The audit engine can be turned On of Off on the per server or
    # per directory basis. "On" will log everything, "DynamicOrRelevant"
    # will only log dynamic requests or violations, and "RelevantOnly"
    # will only log policy violations
    SecAuditEngine RelevantOnly

    # The name of the audit log file
    SecAuditLog /var/log/httpd/modsecurity_audit_log

    # Whether the mod_security should inspect POST payloads
    SecFilterScanPOST On

    # Action to take by default
    SecFilterDefaultAction "deny,log,status:500"

    # Require HTTP_USER_AGENT and HTTP_HOST in all requests
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Prevent path traversal (..) attacks
    SecFilter "../"

    # Weaker XSS protection but allows common HTML tags
    SecFilter "<[[:space:]]*script"

    # Prevent XSS atacks (HTML/Javascript injection)
    SecFilter "<(.|n)+>"

    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"

    # Protecting from XSS attacks through the PHP session cookie
    SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
    </IfModule>
     
  2. docbreed

    docbreed Well-Known Member

    Joined:
    Jul 18, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    156
    Same here.. last entry displayed here is from 2007-06-04 but has been working because i am receiving notices from csf via email.

    --Jeremy
     
  3. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,505
    Likes Received:
    1
    Trophy Points:
    318
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    We've only upgraded one Server to v11 but upon doing so, mod_sec which worked just fine previously showed last log date of 2006. Had to uninstall/reinstall to get it working right again.

    Make sure to have a backup of your Rules so you can paste them in again.


    Also, found it was a good idea to reinstall cPanel Pro as well. Perhaps it goes without saying that all previously installed Modules should be reinstalled?

    Note: v11 calls them Plugins whereas previous cPanel versions called them "Addon Modules", in case anyone was wondering. ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice