About cPanel ModSecurity And How To Enable ModSecurity
ModSecurity is a widely used tool to detect and prevent intrusion in your cPanel server It’s also used to protect websites from common attacks. Running as a layer of protection between the end user and your cPanel server this OpenSource program will block malicious IPs and alert you to attempts to find weaknesses in your server and websites.
ModSecurity works off rules, if a user hits any of these rules their IP will become blacklisted in the server and they will no longer be able to communicate with that server. The OWASP (Open Web Application Security Project) ModSecurity™ CRS (Core Rule Set) provided by default will greatly improve the security of your system. By using the default rules you can expect;
- ModSecurity provides protection against insecure website design
ModSecurity can run as an extra layer between the end user and your website. Websites like WordPress and Joomla, which are a common target for attack especially if the webmaster does not keep the core website files and plugins updated can be protected when using ModSecurity when they would otherwise be compromised.
- Protection against operating system level attack
By Enabling ModSecurity can provide added protection for your cPanel server against operating system level attacks for example. If a security flaw is found in the operating system ModSecurity rules can protect against that flaw until a patch is released to fix the flaw
- Protection against DDOS Attacks
Even though we can protect your server against DDOS attacks up to 200TB in bad traffic ModSecurity can also provide effective protection against DDOS attacks through its rules. Used in conjunction with our DDOS protection you can keep your server online throughout an attack.
How To Enable ModSecurity In A cPanel Server
ModSecurity is packaged with cPanel by default but not enabled. First, to enable ModSecurity you need to ensure you have the Apache module this is done via Easy Apache 4, WHM > Home > Software > EasyApache 4. Select and compile the ModSecurity Apache module into your current build.
Next, in WHM > Home > Security Center > ModSecurity Vendors install the core ruleset and enable the configuration. At this point, the software will become active and start protecting your server.
Reviewing The ModSecurity Hits
From the ModSecurity Tools page, you can see all the rules that have been hit and the IPs that have been blacklisted in the server. To access this interface navigate to WHM > Home > Security Center > ModSecurity Tools. It’s possible some legitimate traffic is caught by ModSecurity rules. From this page, you can also disable and report rules that catch legitimate traffic.
How was this article? – About cPanel ModSecurity And How To Enable ModSecurity
More from cPanel
Understanding The Exim Log Files And Their LocationsOn cPanel servers the default mail program is Exim. Exim will handle anything …