Server Firewalls . . . Is One Enough?

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,912
2,241
363
Hello :)

Yes, utilizing Mod_Security can help protect against web application attacks. You can enable Mod_Security through EasyApache. Our documentation on it is available at:

cPanel - Mod_Security

Thank you.
 

24x7server

Well-Known Member
Apr 17, 2013
1,896
91
78
India
cPanel Access Level
Root Administrator

quietFinn

Well-Known Member
Feb 4, 2006
1,092
44
178
Finland
cPanel Access Level
Root Administrator
Well I'd also like to strongly recommend that but Mod_Security is also a great choice.
Maybe it's good to point out that ModSecurity is a web application firewall, and ConfigServer ModSecurity Control is a tool to control and configure ModSecurity.
If ModSecurity is not installed, then ConfigServer ModSecurity Control is totally useless.
 

JaredR.

Well-Known Member
Feb 25, 2010
1,834
23
143
Houston, TX
cPanel Access Level
Root Administrator
Note that mod_security is not a firewall. It is an Apache module intended to increase the security of Web sites. It is not the same, and does not have the same intended purpose, as an actual firewall.

Also note that the iptables firewall is built into the Linux kernel and is present on all modern Linux systems. CSF is just a front-end for configuring it. iptables syntax can be very complex, so Web-based configuration tools like CSF are very popular for putting a user-friendly interface on it. What CSF is really doing, though, is configuring the iptables firewall that is built into the Linux kernel.
 

Serra

Well-Known Member
Oct 27, 2005
258
17
168
Florida
Thanks for the help all! I did realize that, I installed ModSecurity first, and then added the ConfigServer ModSecurity Control.
The value of ConfigServer ModSecurity Control is that it allows you to quickly turn mod_security off for testing issues and also allows you to bypass specific rules on a server wide basis or on an account specific basis. Both are very helpful.

Also it gives you a good way to access the mod_security log.