ModSecurity Configuration

ModySecurity Configuration

This interface allows you to configure ModSecurity's global settings.

Note:

The system loads the /usr/local/apache/conf/modsec2.user.conf file as an include.

  • In previous versions of cPanel & WHM, EasyApache used this file as the default ruleset.
  • This file's rules may still affect the way in which ModSecurity functions, which may result in false positives on your system.
  • If you see many false positives, check this file for custom rules.

Configure Global Directives

Notes:

  • For more information about a setting or directive, click the directive name. 
  • After you make the desired changes, click Save at the bottom of the interface.

In this interface, you can configure the following settings:

Setting
Directive
Description
Audit Log Level SecAuditEngine

The Audit Log Level setting determines how the audit engine logs transactions. You can choose from the following options:

  • Log all transactions.
  • Do not log any transactions.
  • Only log noteworthy transations.
Connections Engine SecConnEngine

The Connections Engine setting determines how the connections engine processes rules. You can choose from the following options:

  • Process the rules.
  • Do not process the rules.
  • Process the rules in verbose mode, but do not execute disruptive actions.
Rules Engine SecRuleEngine

The Rules Engine setting determines how the rules engine processes rules. You can choose from the following options:

  • Process the rules.
  • Do not process the rules.
  • Process the rules in verbose mode, but do not execute disruptive actions.
Backend Compression SecDisableBackendCompression

The Backend Compression setting enables or disables backend compression, but does not affect frontend compression.

This setting defaults to Enabled.

Geolocation Database SecGeoLookupDb

The Geolocation Database setting allows you to specify the geolocation database's path.

Enter the desired path in the Geolocation Database text box.

Google Safe Browsing Database SecGsbLookupDb

The Google Safe Browsing Database setting allows you to specify the Google Safe Browsing Database's path.

Enter the desired path in the Google Safe Browsing Database text box.

Guardian Log SecGuardianLog

The Guardian Log setting allows you to pipe transaction log information to an external application for additional analysis.

Enter the path to the desired application in the Guardian Log text box.

Project Honey Pot Http:BL API Key SecHttpBlKey

The Project Honey Pot Http:BL API Key setting allows you to supply a Project Honey Pot API Key to use with the @rbl operator.

Enter the API key in the Project Honey Pot Http:BL API Key text box.

Perl Compatible Regular Expressions Library Match Limit SecPcreMatchLimit

The Perl Compatible Regular Expressions Library Match Limit setting determines the match limit for the PCRE library.

This setting defaults to 1500.

Perl Compatible Regular Expressions Library Match Limit Recursion SecPcreMatchLimitRecursion

The Perl Compatible Regular Expressions Library Match Limit Recursion setting determines the match limit recursion for the PCRE library.

This setting defaults to 1500.

  • 0 användare blev hjälpta av detta svar
Hjälpte svaret dig?

Relaterade artiklar

Apache mod_userdir Tweak

Apache mod_userdir Tweak The Apache mod_userdir Tweak interface allows you to prevent...

Compiler Access

Compiler Access This interface allows you to disable your users' access to the C and C++...

Configure Security Policies

Configure Security Polices The Configure Security Policies interface allows you to configure...

cPHulk Brute Force Protection

cPHulK Brute Force Protection This interface allows you to configure cPHulk, a service that...

Host Access Control

Host Access Control Warning: If you accidentally lock yourself out of WHM when you use this...