ModSecurity Tools

ModySecurity Tools

The ModSecurity Tools interface allows you to install and manage ModSecurity rules.

  • Click Rules List to view the Rules List section of the interface.
  • In the Rules List section of the interface, click Hits List to return to the Hits List section of the interface.

Important:

You must install the ModSecurity Apache module in order to use this interface. To install the ModSecurity Apache module, use WHM'sEasyApache 3 interface (Home >> Software >> EasyApache 3).

Note:

The system loads the /usr/local/apache/conf/modsec2.user.conf file as an include.

  • In previous versions of cPanel & WHM, EasyApache used this file as the default ruleset.
  • This file's rules may still affect the way in which ModSecurity functions, which may result in false positives on your system.
  • If you see many false positives, check this file for custom rules.

Hits List

Use the Hits List section of the interface to view your server's history of rule events. To edit or disable the ModSecurity rule that generated a hit, click Rule ID.

Report a rule

If you find a problem with a vendor's rule, perform the following steps to report the issue to the rule's vendor:

  1. Locate the hit that the rule generated in the Hits List and click More.
  2. Click  Report this hit.

    Note:

    This option does not appear if the vendor does not accept reports. 

  3. Enter your email address, the reason for the report, and any additional comments for the vendor.

  4. Click Review Report.

  5. Verify the information in your report and click Submit.

Rules List

Important:

To update the Apache server with your staged changes, click Deploy and Restart Apache at the top or bottom of the interface.

Note:

For more information about how to create your own ModSecurity rules, read GitHub's ModSecurity Reference Manual documentation.

Filter rules

To filter the list of rules, click the Vendor button in the right corner of the table. Click the vendors that you wish to display in the Vendors menu and click Apply. To deselect a vendor, hold the Control key while you click the vendor.

Add a rule

To add a rule, perform the following steps:

  1. Click Add Rule. A new interface will display.
  2. Enter the rule in the Rule Text text box.
  3. To enable the rule when you deploy the configuration, select the Enable Rule checkbox.
  4. To deploy the rule and restart Apache immediately, select the Deploy and Restart Apache checkbox.
  5. Click Save.

Edit a rule

To edit a rule, perform the following steps:

  1. Click Edit for the rule that you wish to update.
  2. Make the desired changes in the Rule Text text box.
  3. Click Save.

Note:

You cannot edit vendor rules. To remove all of a vendor's rules from your system, use the ModSecurity Vendors interface (Home >> Security Center >> ModSecurity™ Vendors).

Copy a rule

To copy a rule, perform the following steps:

  1. Click Copy for the rule that you wish to update.
  2. Make any desired changes in the Rule Text text box.
  3. Click Save.

Edit all rules

To edit all of your rules, perform the following steps.

  1. Click Edit Rules.
  2. Enter the desired changes in the Rules text box.
  3. Click Save.

Remember:

You cannot edit vendor rules. To remove all of a vendor's rules from your system, use the ModSecurity Vendors interface (Home >> Security Center >> ModSecurity™ Vendors).

Enable or disable a rule

To enable or disable a ModSecurity rule, click Enable or Disable in that rule's row.

Delete a rule

To delete a rule, perform the following steps:

  1. Click Delete for the rule that you wish to delete.
  2. Click Delete to confirm your action.

Note:

You cannot delete vendor rules. To remove all of a vendor's rules from your system, use the ModSecurity Vendors interface ( Home >> Security Center >> ModSecurity™ Vendors ).

ModSecurity database scripts

You can perform additional actions from the command line:

  • To reset the ModSecurity database user password, run the following command as the root user:

    /usr/local/cpanel/bin/modsecpass
  • Run the following command to access the ModSecurity database user password help file:

    /usr/local/cpanel/bin/modsecpass --help
  • To create the ModSecurity database manually, run the following command:

    /usr/local/cpanel/scripts/setup_modsec_db
  • 0 A felhasználók hasznosnak találták ezt
Hasznosnak találta ezt a választ?

Kapcsolódó cikkek

Apache mod_userdir Tweak

Apache mod_userdir Tweak The Apache mod_userdir Tweak interface allows you to prevent...

Compiler Access

Compiler Access This interface allows you to disable your users' access to the C and C++...

Configure Security Policies

Configure Security Polices The Configure Security Policies interface allows you to configure...

cPHulk Brute Force Protection

cPHulK Brute Force Protection This interface allows you to configure cPHulk, a service that...

Host Access Control

Host Access Control Warning: If you accidentally lock yourself out of WHM when you use this...

Powered by WHMCompleteSolution