The ModSecurity™ Tools interface allows you to install and manage ModSecurity rules.
- Click Rules List to view the Rules List section of the interface.
- In the Rules List section of the interface, click Hits List to return to the Hits List section of the interface.
Important:
You must install the ModSecurity Apache module in order to use this interface. To install the ModSecurity Apache module, use WHM's EasyApache 3 interface (Home >> Software >> EasyApache 3).
Note:
The system loads the /usr/local/apache/conf/modsec2.user.conf file as an include.
- In previous versions of cPanel & WHM, EasyApache used this file as the default ruleset.
- This file's rules may still affect the way in which ModSecurity functions, which may result in false positives on your system.
- If you see many false positives, check this file for custom rules.
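One way to carry out the check described in the note above, as an added example that is not part of cPanel's documentation or tooling: a shell function that lists the active SecRule and SecAction directives in an include file, with each rule's id and starting line number. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not cPanel tooling). On a server, run:
#   list_custom_rules /usr/local/apache/conf/modsec2.user.conf

# Print "<id><TAB><directive><TAB><first line>" for each active rule.
list_custom_rules() {
    awk -v q="'" '
    function report(d, n,   id, f, re) {
        sub(/^[ \t]+/, "", d)
        if (d ~ /^#/ || d !~ /^(SecRule|SecAction)[ \t]/) return
        # First id action, quoted or not, preceded by a delimiter.
        re = "[\", \t" q "]id:[ \t" q "]*[0-9]+"
        id = "no-id"
        if (match(d, re)) {
            id = substr(d, RSTART, RLENGTH)
            gsub(/[^0-9]/, "", id)
        }
        split(d, f, /[ \t]+/)
        print id "\t" f[1] "\t" n
    }
    {
        if (buf == "") start = NR
        line = $0
        # A trailing backslash continues the directive on the next line.
        if (sub(/\\[ \t]*$/, " ", line)) { buf = buf line; next }
        report(buf line, start)
        buf = ""
    }
    END { if (buf != "") report(buf, start) }
    ' "$@"
}

# Constructed sample content, not taken from a real server.
sample_conf() {
    cat <<'EOF'
# Legacy custom rules
SecRuleEngine On
# SecRule ARGS "@contains old" "id:900001,deny"
SecRule REQUEST_URI "@contains /wp-login.php" \
    "id:900002,phase:1,deny,status:403"
SecAction "id:'900003',phase:1,nolog,pass"
SecRule ARGS "@rx test" "phase:2,log"
SecRuleRemoveById 900010
EOF
}

sample_conf | list_custom_rules
```

Rule ids that appear in this output and also in the Hits List are the first candidates to review when you investigate false positives.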
Hits List
Use the Hits List section of the interface to view your server's history of rule events. To edit or disable the ModSecurity rule that generated a hit, click Rule ID.
Report a rule
If you find a problem with a vendor's rule, perform the following steps to report the issue to the rule's vendor:
- Locate the hit that the rule generated in the Hits List and click More.
- Click Report this hit.
Note:
This option does not appear if the vendor does not accept reports.
- Enter your email address, the reason for the report, and any additional comments for the vendor.
- Click Review Report.
- Verify the information in your report and click Submit.
Rules List
Important:
To update the Apache server with your staged changes, click Deploy and Restart Apache at the top or bottom of the interface.
Note:
For more information about how to create your own ModSecurity rules, read GitHub's ModSecurity Reference Manual documentation.
Filter rules
To filter the list of rules, click the Vendor button in the right corner of the table. Click the vendors that you wish to display in the Vendors menu and click Apply. To deselect a vendor, hold the Control key while you click the vendor.
Add a rule
To add a rule, perform the following steps:
- Click Add Rule. A new interface will display.
- Enter the rule in the Rule Text text box.
- To enable the rule when you deploy the configuration, select the Enable Rule checkbox.
- To deploy the rule and restart Apache immediately, select the Deploy and Restart Apache checkbox.
- Click Save.
Edit a rule
To edit a rule, perform the following steps:
- Click Edit for the rule that you wish to update.
- Make the desired changes in the Rule Text text box.
- Click Save.
Note:
You cannot edit vendor rules. To remove all of a vendor's rules from your system, use the ModSecurity Vendors interface (Home >> Security Center >> ModSecurity™ Vendors).
Copy a rule
To copy a rule, perform the following steps:
- Click Copy for the rule that you wish to update.
- Make any desired changes in the Rule Text text box.
- Click Save.
Edit all rules
To edit all of your rules, perform the following steps.
- Click Edit Rules.
- Enter the desired changes in the Rules text box.
- Click Save.
Remember:
You cannot edit vendor rules. To remove all of a vendor's rules from your system, use the ModSecurity Vendors interface (Home >> Security Center >> ModSecurity™ Vendors).
Enable or disable a rule
To enable or disable a ModSecurity rule, click Enable or Disable in that rule's row.
Delete a rule
To delete a rule, perform the following steps:
- Click Delete for the rule that you wish to delete.
- Click Delete to confirm your action.
Note:
You cannot delete vendor rules. To remove all of a vendor's rules from your system, use the ModSecurity Vendors interface (Home >> Security Center >> ModSecurity™ Vendors).
ModSecurity database scripts
You can perform additional actions from the command line:
- To reset the ModSecurity database user password, run the following command as the root user:
/usr/local/cpanel/bin/modsecpass
- Run the following command to access the ModSecurity database user password help file:
/usr/local/cpanel/bin/modsecpass --help
- To create the ModSecurity database manually, run the following command:
/usr/local/cpanel/scripts/setup_modsec_db