1. Main page
  2. Knowledgebase
  3. WHM
  4. Security Center
  5. ModSecurity™ Tools

Knowledgebase

ModSecurity™ Tools  Print this Article

Overview:

The ModSecurity™ Tools interface allows you to install and manage ModSecurity rules.

  • Click Rules List to view the Rules List section of the interface.

  • In the Rules List section of the interface, click Hits List to return to the Hits List section of the interface.

Important:

You must install the ModSecurity Apache module in order to use this interface. Use WHM’s EasyApache 4 interface (WHM >> Home >> Software >> EasyApache 4) or the yum install ea-apache24-mod_security2 command to install the ModSecurity Apache module.

Note:

EasyApache 4 loads the /etc/apache2/conf.d/modsec/modsec2.cpanel.conf and /etc/apache2/conf.d/modsec2.user.conf files as an include.

  • This file’s rules may still affect the way in which ModSecurity functions, which may result in false positives on your system.
  • If you see many false positives, check this file for custom rules.

Hits List

Use the Hits List section of the interface to view your server’s history of rule events. To edit or disable the ModSecurity rule that generated a hit, click Rule ID.

Report a rule

If you find a problem with a vendor’s rule, perform the following steps to report the issue to the rule’s vendor:

  1. Locate the hit that the rule generated in the Hits List and click More.

  2. Click Report this hit.

    Note:
    This option does not appear if the vendor does not accept reports.

     

  3. Enter your email address, the reason for the report, and any additional comments for the vendor.

  4. Click Review Report.

  5. Verify the information in your report and click Submit.

Rules List

Important:
To update the Apache server with your staged changes, click Deploy and Restart Apache at the top or bottom of the interface.
Note:
For more information about how to create your own ModSecurity rules, read GitHub’s ModSecurity Reference Manual documentation.

Filter rules

To filter the list of rules, click the Vendor button in the right corner of the table. Click the vendors that you wish to display in the Vendors menu and click Apply. To deselect a vendor, hold the Control key while you click the vendor.

Add a rule

To add a rule, perform the following steps:

  1. Click Add Rule. A new interface will appear.

  2. Enter the rule in the Rule Text text box.

  3. To enable the rule when you deploy the configuration, select the Enable Rule checkbox.

  4. To deploy the rule and restart Apache immediately, select the Deploy and Restart Apache checkbox.

  5. Click Save.

Edit a rule

To edit a rule, perform the following steps:

  1. Click Edit for the rule that you wish to update.

  2. Make the desired changes in the Rule Text text box.

  3. Click Save.

Note:

You cannot edit vendor rules. To remove all of a vendor’s rules from your system, use the ModSecurity Vendors interface (WHM >> Home >> Security Center >> ModSecurity™ Vendors).

Copy a rule

To copy a rule, perform the following steps:

  1. Click Copy for the rule that you wish to update.

  2. Make any desired changes in the Rule Text text box.

  3. Click Save.

Edit all rules

To edit all of your rules, perform the following steps.

  1. Click Edit Rules.

  2. Enter the desired changes in the Rules text box.

  3. Click Save.

Remember:

You cannot edit vendor rules. To remove all of a vendor’s rules from your system, use the ModSecurity Vendors interface (WHM >> Home >> Security Center >> ModSecurity™ Vendors).

Enable or disable a rule

To enable or disable a ModSecurity rule, click Enable or Disable in that rule’s row.

Delete a rule

To delete a rule, perform the following steps:

  1. Click Delete for the rule that you wish to delete.

  2. Click Delete to confirm your action.

Note:

You cannot delete vendor rules. To remove all of a vendor’s rules from your system, use the ModSecurity Vendors interface (WHM >> Home >> Security Center >> ModSecurity™ Vendors).

ModSecurity database script

To create the ModSecurity database manually, run the following command:

/usr/local/cpanel/scripts/setup_modsec_db

Was this answer helpful?

Related Articles

Apache mod_userdir Tweak
Overview: This interface allows you to disable the Apache mod_userdir module’s functionality for...
Compiler Access
Overview: This interface lets you manage your server’s C and C++ compiler user access. This can...
Configure Security Policies
Overview: The Configure Security Policies interface allows you to configure your security policy...
cPHulk Brute Force Protection
Overview: This interface allows you to configure cPHulk, a service that provides protection for...
Host Access Control
Overview: Warning: For users of CentOS 7, CloudLinux™ 7, and Red Hat® Enterprise Linux® 7 and...

  Tag Cloud

iPhone Android Phone Mobile Installatron Backup Clone Import Server Application uninstall Upgrade Edit View Introduction Backups word press wordpress staging dev site development site wp dev environment gmail mail client databases phpmyadmin ftp notepad++ host record host file windows mac weebly #gmail #email google e-mail

  Support

My Support Tickets Announcements Knowledgebase Downloads Network Status Open Ticket