Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!

Author Topic: Updated rules for mod security  (Read 4071 times)

0 Members and 1 Guest are viewing this topic.

Aby

  • Guest
Updated rules for mod security
« on: June 29, 2014, 03:02:16 pm »
Updated rules for mod security

To install mod_security, go to WHM => EasyApache (or alternatively via CLI, run /scripts/easyapache). After you select your Apache and PHP versions,

you'll be brought to the Short Options page. Select mod_security from the list, then proceed with the build.
When the build is done, mod_security will be installed. The files are kept in the following location:
/usr/local/apache/conf/modsec2.user.conf
Mod Security once installed, provides some default rules. The file with the rules resides under /usr/local/apache/conf/
The file modsec2.user.conf.default contains the rules which should be copied over to modsec2.user.conf

When hack attempts are identified by mod_security, they are logged in /usr/local/apache/logs/audit_log with the IP of the offender and what rule was violated.
*****************
Disabling Mod-Security for a single account
To disable the mod_security for a particular account, just add the following in the users .htaccess file
SecFilterEngine Off
SecFilterScanPOST Off

If mod_security2
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
****************************
SecPcreMatchLimit 50000
SecPcreMatchLimitRecursion 50000
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 220621440
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyLimit 220621440
SecRequestBodyInMemoryLimit 220621440
LimitRequestBody 0
LimitRequestBody 134217728
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial
Include /usr/local/apache/conf/modsec2.whitelist.conf
Include /usr/local/apache/conf/modsec_rules/*asl*.conf