Thursday 20 March 2014

What is mod_security?


ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

You can install or upgrades are performed automatically when you run EasyApache /scripts/easyapache

Once enabled easyapache, goto WHM -> Plugins -> Mod Security ->Edit Config

click  default rules

Mod security configuration will included in /etc/httpd/conf/httpd.conf apache file.

Include “/usr/local/apache/conf/modsec2.conf”

Use the following link for more about mod security options and rules.

http://www.modsecurity.org/documentation/modsecurity-apache/2.5.5/modsecurity2-apache-reference.html#N109A9

Here are some important things to know when you change between ModSecurity versions:
Upgrades are performed automatically when you run EasyApache
The ModSecurity Activity Viewer in WHM complies easily
The rule editor in WHM will automatically work with the installed version of ModSecurity’s rules.

Rule syntax is completely different and located in different locations. When you migrate between major version numbers of ModSecurity, your mod_security 1 rules will need to be redone in mod_security 2 and vice versa.

No comments:

Post a Comment