New to mod_security, starter Qs

[goldegonaz]

Hello! I just enabled mod_security and deployed the default config. And now I'm...

I have a few questions that I couldn't find the answers too. Not sure if this is asking too much, but can't hurt to ask

Does mod security display all blocks/access denied/not acceptable actions in the logs? Or do some actions such as 'Not acceptable' occur without your knowledge or making a record?

Also how do I block certain strings in a URL. For example I would like to block INSERTIMPMACROHERE - something automatically adds this to the end of URLs, how would I block all request with this in the URL?

In my htaccess to block a get attack I have the rule below, but it doesn't work globally because I have many htaccess files. So I'd like to add it to mod_security.

RewriteCond %{THE_REQUEST} \?13(\d+){11}\ [NC]
RewriteRule .* - [F]

How would I add that?

Lastly, how do I block all refers from a certain URL? So if someone/bot comes from baddomain.com, I can stop whatever they want to do/

That does sound like a lot to ask! So if anyone can just point me in the right direction maybe that would be a great help too!

Thanks!

 

[cPanelPeter]

Hello,

cPanel/WHM can only support ModSecurity as far as installation is concerned. Since ModSecurity relies on various rules, and their options, we can not support the rules themselves. However, I recommend that you install the following 3rd party add on called ModSecurity Control ConfigServer ModSecurity Control

Also, I recommend the ModSec rules from Gotroot.com,
and follow the instructions on cPanel installation for people not using ASL.

 

[georgeb]

Start reading this first: Blocking Common Attacks using ModSecurity 2.5: Part 1 | Packt Publishing



Regards