New to mod_security, starter Qs

goldegonaz

Registered
Oct 30, 2013
4
0
1
cPanel Access Level
Website Owner
Hello! I just enabled mod_security and deployed the default config. And now I'm... :confused:

I have a few questions that I couldn't find the answers too. Not sure if this is asking too much, but can't hurt to ask :)

Does mod security display all blocks/access denied/not acceptable actions in the logs? Or do some actions such as 'Not acceptable' occur without your knowledge or making a record?

Also how do I block certain strings in a URL. For example I would like to block INSERTIMPMACROHERE - something automatically adds this to the end of URLs, how would I block all request with this in the URL?

In my htaccess to block a get attack I have the rule below, but it doesn't work globally because I have many htaccess files. So I'd like to add it to mod_security.

RewriteCond %{THE_REQUEST} \?13(\d+){11}\ [NC]
RewriteRule .* - [F]

How would I add that?

Lastly, how do I block all refers from a certain URL? So if someone/bot comes from baddomain.com, I can stop whatever they want to do/

That does sound like a lot to ask! So if anyone can just point me in the right direction maybe that would be a great help too!

Thanks!
 

cPanelPeter

Technical Analyst III
Staff member
Sep 23, 2013
575
21
143
cPanel Access Level
Root Administrator
Twitter
Hello,

cPanel/WHM can only support ModSecurity as far as installation is concerned. Since ModSecurity relies on various rules, and their options, we can not support the rules themselves. However, I recommend that you install the following 3rd party add on called ModSecurity Control ConfigServer ModSecurity Control

Also, I recommend the ModSec rules from Gotroot.com,
and follow the instructions on cPanel installation for people not using ASL.