Databáze řešení
ModSecurity™ Configuration Tisknout tento článek
Overview:
This interface allows you to configure ModSecurity’s global settings.
Note:
The system loads the /etc/apache2/conf.d/modsec2.user.conf
file as an include.
- In previous versions of cPanel & WHM, EasyApache used this file as the default ruleset.
- This file’s rules may still affect the way in which ModSecurity functions, which may result in false positives on your system.
- If you see many false positives, check this file for custom rules.
Configure Global Directives
Note:
- For more information about a setting or directive, click the directive name.
- After you make the desired changes, click Save at the bottom of the interface.
In this interface, you can configure the following settings:
Setting | Directive | Description |
---|---|---|
Audit Log Level | SecAuditEngine | This setting determines how the audit engine logs transactions. You can choose from the following options:
Warning:
We strongly recommend that you do not select this option. This option causes Apache to log every transaction, including your users’ and clients’ private data. The resulting log files will fill your system’s partitions quickly. Use this option only to debug your server.
|
Connections Engine | SecConnEngine | This setting determines how the connections engine processes rules. You can choose from the following options:
|
Rules Engine | SecRuleEngine | This setting determines how the rules engine processes rules. You can choose from the following options:
|
Backend Compression | SecDisableBackendCompression | This setting enables or disables backend compression, but does not affect frontend compression. This setting defaults to Enabled. |
Geolocation Database | SecGeoLookupDb | This setting allows you to specify the geolocation database’s path. Enter the desired path in the Geolocation Database text box. |
Google Safe Browsing Database | SecGsbLookupDb | This setting allows you to specify the Google Safe Browsing™ Database’s path. Enter the desired path in the Google Safe Browsing Database text box. |
Guardian Log | SecGuardianLog | This setting allows you to pipe transaction log information to an external application for additional analysis. Enter the path to the desired application in the Guardian Log text box. |
Project Honey Pot Http:BL API Key | SecHttpBlKey | This setting allows you to supply a Project Honey Pot API Key to use with the @rbl operator. Enter the API key in the Project Honey Pot Http:BL API Key text box. |
Perl Compatible Regular Expressions Library Match Limit | SecPcreMatchLimit | This setting determines the match limit for the PCRE library. This setting defaults to 1500 . |
Perl Compatible Regular Expressions Library Match Limit Recursion | SecPcreMatchLimitRecursion | This setting determines the match limit recursion for the PCRE library. This setting defaults to 1500 . |
Byla tato odpověď nápomocná?
Související články
Apache mod_userdir Tweak
Overview: This interface allows you to disable the Apache mod_userdir module’s functionality for...
Overview: This interface allows you to disable the Apache mod_userdir module’s functionality for...
Compiler Access
Overview: This interface lets you manage your server’s C and C++ compiler user access. This can...
Overview: This interface lets you manage your server’s C and C++ compiler user access. This can...
Configure Security Policies
Overview: The Configure Security Policies interface allows you to configure your security policy...
Overview: The Configure Security Policies interface allows you to configure your security policy...
cPHulk Brute Force Protection
Overview: This interface allows you to configure cPHulk, a service that provides protection for...
Overview: This interface allows you to configure cPHulk, a service that provides protection for...
Host Access Control
Overview: Warning: For users of CentOS 7, CloudLinux™ 7, and Red Hat® Enterprise Linux® 7 and...
Overview: Warning: For users of CentOS 7, CloudLinux™ 7, and Red Hat® Enterprise Linux® 7 and...