Installing Configserver’s ModSecurity Control Plugin on Your Server

ModSecurity is a web application firewall (WAF). It is deployed to established increased external security to detect and prevent attacks before they reach your web applications. ModSecurity allows for http traffic monitoring and real-time analysis with very few changes to the existing infrastructure.

ModSecurity is deployed as part of your existing server infrastructure on Apache, IIS7 or Nginx servers. You can use only the features you need and deploy ModSec in increments.

Install ModSecurity

1. In order to enable ModSecurity, Apache2 will need to be compiled with UniqueID and mod_security needs to be checked as well. If both are compiled correctly, you will see the following lines in the httpd.conf:
   

   LoadModule security2_module modules/mod_security2.so
   include "/usr/local/apache/conf/modes2.conf"

   
   
   
   
   
   
   
   
   
   
   

   Note:

   If you can’t find the LoadModule statement in the httpd.conf file, check the modsec2.conf file.

   
   
2. Next, install ModSec rules:
   

   yum install lp-modsec2-rules.noarch

   
   
3. Then install the rules on CentOS 6
   

   yum install lp-modsec2-rules.noarch

   
   

Install Plugin for WHM

Installing the ModSecurity Plugin for WHM is done through CMC, Configserver’s ModSec Control plugin. It is a free plugin and makes whitelisting problem ModSec rules easy.

1. Download and install CMC from Github. Follow the directions on the Github page to install CMC.
   
2. The plugin automatically adds the following lines to /usr/local/apache2/conf/modsec2.user.conf:
   

   # ConfigServer ModSecurity whitelist file
   Include /usr/local/apache2/conf/modsec2/whitelist.conf

   
   
3. Once you have downloaded and installed the plugin, you can log into WHM to configure the plugin and whitelist rules. For information on how to navigate and use the ModSecurity plugin for WHM, see our article Getting Started with Configserver’s ModSecurity Control Plugin.