ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.
ModSecurity is a must-have module for your web hosting server. By default, it’s not enabled on CWP but we get a warning message:
Message id [1ed1025953b226625f2323f218e64682]: === SECURITY WARNING === Mod Security is NOT enabled on your server, click here to enable it!
To enable Mod Security in CWP:
- Log into CWP as root
- Navigate to Security->Mod Security. You will see a message here Mod Security configuration is: not installed
- Choose what rules do you want to use and click the Install Mod Security button.
You have three options for rules:
– OWASP old (Old rules which come as default with CWP)
– OWASP latest (Latest version of OWASP rules with automatic updates) [CWPpro required]
– Comodo WAF (Latest version of Comodo WAF rules with automatic updates) [CWPpro required] - Confirm at the dialog box that you really want to install Mod Security
- You will see a log of the installation and the message Mod Security Successfully Installed
- For general rules modifications, you can go anytime again to Security->Mod Security and look at the files:
Main Configuration –> /usr/local/apache/conf.d/mod_security.conf
Rules Configuration –> /usr/local/apache/modsecurity-owasp-old/owasp.conf
Disabled Rules –> /usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf - On the Mod Security page, you can also ass rules for individual domains/subdomains. Just choose the domain from the drop-down list and click the Modify user whitelist button.
The short video tutorial for this article:
Way too simple… Thanks… Ketan (www.halo.co.in)