Mod_Security is a widely used tool to prevent intrusion in your cPanel server but also to block common attacks. Mod_Security should be enabled on all cPanel servers. Running as a layer of protection between the end-user and your cPanel Server. This OpenSource program will block malicious IPs. Alert you to attempts to find weaknesses in your server and websites.
How Does Mod_Security Work?
Mod_Security works off rules so, if a user hits any of these rules their IP will become blacklisted in the server. Therefore, the IP will no longer be able to communicate with that server. The OWASP (Open Web Application Security Project) ModSecurityâ„¢ CRS (Core Rule Set) is provided by default. It will greatly improve the security of your cPanel Server. By using the default rules you can expect;
ModSecurity provides protection.
ModSecurity can run as an extra layer between the end-user and your website. Websites like High Availability WordPress Websites and Joomla are common target for attack. Especially if the webmaster does not keep the core website files and plugins updated.
Protection against operating system-level attack.
By Enabling Mod_Security you can provide added protection for your cPanel server against operating-system-level attacks.
Protection against DDoS Attacks.
Even though we can protect your server against DDoS attacks up to 1.7TB of bad traffic. ModSecurity can also provide effective protection against DDoS attacks through its rules.
But, used in conjunction with our DDoS protection you can keep your server online throughout an attack.
Enable Mod_Security In cPanel.
First, to enable Mod_Security in cPanel you need to ensure you have the Apache module this is done via Easy Apache 4, WHM > Home > Software > EasyApache 4. Select and compile the ModSecurity Apache module into your current build.
Next, in WHM > Home > Security Center > ModSecurity Vendors install the core ruleset and enable the configuration. At this point, the software will become active and start protecting your server.
Reviewing ModSecurity Hits
From the ModSecurity Tools page, you can see all the rules that have been hit. To access this interface navigate to WHM > Home > Security Center > ModSecurity Tools.
But, it’s possible some legitimate traffic is caught by ModSecurity rules. From this page, you can also disable and report rules that catch legitimate traffic.
