The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security

Discussion in 'Security' started by linuxprovider, Dec 20, 2007.

  1. linuxprovider

    linuxprovider Active Member

    Joined:
    Mar 4, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    egypt
    Dear All
    I have installed mod_security many times and every thing is ok
    but still no filtering i installed it by :
    WHM
    easyapache
    manual

    but no hope
    plz help
     
  2. salubrium

    salubrium Member

    Joined:
    Jun 11, 2003
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney
    cPanel Access Level:
    Root Administrator
    Shafei,

    Come on, being a systems administrator you should provide a bit more detail than that. How do you know it's not filtering? If it's not filtering, then it's not ok.

    Did you install Apache 1.3.9 ? then check /etc/httpd/logs/audit_log
    Or if you installed 2.X, try /etc/http/logs/modsec_audit_log

    Now, if there's nothing in there, you need to know what rules are being applied, if any. Just because mod_sec is installed, it doesn't automatically mean that rules are being applied.

    So: cat /etc/httpd/conf/mod_sec.conf

    It should have a few details and a rule that says:

    Include /etc/httpd/conf/mod_sec.user.conf

    As a heads up, I suggest you go over to http://www.gotroot.com/ and find the rules for your mod_sec / Apache version, wget the bzip file to

    /etc/http/conf/modsec (mkdir if you need to)

    tar xjvf ....rules.tar.bz

    And then do include files to some of them - read around the forums to see which ones are safe. Make sure once you include them that you monitor your audit_log file to ensure it's not blocking legitimate requests.

    Cheers,
     
  3. bonjurkes

    bonjurkes Member

    Joined:
    Jul 3, 2005
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I have a similar question also, I just compiled apache with mod_security2 and add some rules via whm from some site i found.

    When i click mod security under plugins at whm, it shows just table says :

    Date Time IP GET Host Message Action

    and there is edit config at above of the table.

    But the table is empty. Does it mean there was no attack that mod security can block or is there a problem at somewhere?

    Is there a way to test if mod_security2 is working.

    And my apache is apache 2.2.6


    ps : there is no file at /etc/http/logs/modsec_audit_log

    or

    /etc/http/logs/modsec_audit_log
     
  4. linuxprovider

    linuxprovider Active Member

    Joined:
    Mar 4, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    egypt
    Thanks Dir salubrium
    I made these steps already . but still not working
    i tried to install it from easy apache . addon plugnis . manual
    by the way i had over 11 servers and just only that one mod_security not working
    i checked error log for each apache and mod_security .i got nothing

    please help
     
Loading...

Share This Page