The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Question about Easyapache3 and mod_security

Discussion in 'EasyApache' started by noimad1, Oct 17, 2007.

  1. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16
    So I see that there is an option for mod_security in the easyapache3.

    I chose to install it on one server, but i was curious what rules it uses? Does it have it's own rules? Or does it just install the module, but no rules?

    What if I want to add my own rules to it?
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    It does not come with any rules, it just installs the module. You can configure your own rules after it is installed by going to WHM -> Plugins -> Mod Security.
     
  3. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16

    Ah, thank you very much for the information. One more quick question about adding the rules there.

    Do I need to put the :

    with the rules in between in that area, or do I just put the rules themselves in there?

    SecFilter "pacotar\.txt"
     
  4. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    If you are running Apache 1.3, I would recommend the HostMerit rules - I like them.

    http://www.hostmerit.com/modsec.user.conf

    See this post regarding where else to get rules:

    http://forums.cpanel.net/showthread.php?t=71985&highlight=hostmerit

    If you are running Apache 2.x, I would suggest the rules from modsecurity.org or gotroot.com - The Hostmerit rules will not work on the Mod Security in Apache 2.x as they were designed for the Mod Security that runs on Apache 1.3

    As for figuring out how to incorporate those rules in, you need to do the legwork on that.

    Mike
     
  5. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16
    Mike,

    Thanks for the info. Yea, I've been using the hostmerit rules for quite some time.

    I've entered in the rules with the

    <IfModule mod_security.c>

    </IfModule>

    In there, and that seems to work.

    Thanks,
    Damion
     
Loading...

Share This Page