ModSecurity® 3

Overview

ModSecurity 3 serves as a web application firewall. It is compatible with systems running both Apache and NGINX®. As ModSecurity 3 operates as a library, a specific connector must be installed for your web server to enable its functionality.

Compatibility

ModSecurity 3 is fully compatible with systems that utilize either Apache or NGINX.

Install ModSecurity 3

ModSecurity 3 can be installed using two primary methods.

Installation via Metanow CRM Interface

Use the Metanow CRM interface to install the necessary packages. Navigate to Metanow CRM » Home » Software » EasyApache 4.

  1. Install one of the appropriate connectors:
    • ea-modsec30-connector-nginx — Select this package if your system is running NGINX.
    • ea-modsec30-connector-apache24 — Choose this package if your system uses Apache.
  2. Install the ea-modsec30-rules-owasp-crs package to deploy the OWASP rule set for ModSecurity 3.

Command Line Installation

To install ModSecurity 3 using the command line, execute the following commands:

  1. Install the relevant connector:
    • For NGINX systems, use the command:
      yum install ea-modsec30-connector-nginx
    • For Apache systems, use the command:
      yum install ea-modsec30-connector-apache24
  2. Execute the following command to install the OWASP rule set:
    yum install ea-modsec30-rules-owasp-crs

Configuration Files

The location of ModSecurity configuration files varies depending on the specific connector utilized.

NGINX Configuration

When the NGINX connector is installed, ModSecurity uses the following configuration files:

| Path | Description |
| --- | --- |
| /etc/nginx/conf.d/modsec30.conf | This file contains your ModSecurity default configuration and Include directives for the following modsec30.cpanel.conf and modsec30.user.conf files. |
| /etc/nginx/conf.d/modsec/modsec30.cpanel.conf | This file contains the custom configurations and rules you defined in the Metanow CRM user interface. |
| /etc/nginx/conf.d/modsec/modsec30.user.conf | This file contains any ModSecurity settings that you cannot set via Metanow CRM. You must edit this file manually if you wish to use it. Important: Use caution when you edit the modsec30.user.conf file, as unexpected results may occur. |
| /etc/nginx/conf.d/modsec_vendor_configs/ | This directory contains your ModSecurity vendor configurations. |
| /var/log/nginx/modsec30_audit/ | This directory contains the ModSecurity log files. |

Note: ModSecurity employs concurrent logging when integrated with NGINX.

Apache Configuration

For systems with the Apache connector installed, ModSecurity utilizes the following configuration files:

| Path | Description |
| --- | --- |
| /etc/apache24/conf.d/modsec30.conf | This file contains your ModSecurity default configuration and Include directives for the following modsec2.cpanel.conf and modsec2.user.conf files. |
| /etc/apache2/conf.d/modsec2.cpanel.conf | This file contains the custom configurations and rules you defined in the Metanow CRM user interface. |
| /etc/apache2/conf.d/modsec/modsec2.user.conf | This file contains any ModSecurity settings that you cannot set via Metanow CRM. You must edit this file manually if you wish to use it. Important: Use caution when you edit the modsec2.user.conf file, as unexpected results may occur. |
| /etc/apache2/logs/modsec_audit/ | This directory contains the ModSecurity log files. |

Note:

  • Apache configuration file paths incorporate modsec2 in their naming due to system limitations.
  • ModSecurity logs events concurrently in Apache when mod_ruid2 or mod_mpm_itk are present. If these modules are not installed, serial logging is used.

ModSecurity Rules

Metanow CRM provides the OWASP® ModSecurity Core Rule Set for ModSecurity 3 as an RPM. You must install the ea-modsec30-rules-owasp-crs RPM to use it.

Third-Party Rule Sets

Third-party rule sets can only be installed if they explicitly support ModSecurity 3.

Attempting to install an unsupported rule set within the Metanow CRM's ModSecurity® Vendors interface (Metanow CRM » Home » Security Center » ModSecurity® Vendors) while ModSecurity 3 is active will result in the rule set being disabled and an error message displayed in the interface.

Rules Format

ModSecurity 3 employs a different rule formatting structure compared to ModSecurity 2.

Key Differences Between ModSecurity 2 and ModSecurity 3

Several key behavioral differences exist between ModSecurity 2 and ModSecurity 3.

Important: This list is not exhaustive.

Directives

ModSecurity 3 does not support the SecDataDir directive.

When used with NGINX, ModSecurity 3 also does not support the following directives:

  • SecConnEngine
  • SecDisableBackendCompression
  • SecDataDir
  • SecGsbLookupDb
  • SecGuardianLog
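
One way to check a hand-edited file such as modsec30.user.conf for the directives listed above before reloading the web server. This is an added example, not part of the original documentation or of ModSecurity itself. The function name check_modsec3_directives and the sample configuration are hypothetical, and matching directive names case-insensitively is a conservative assumption.

```shell
# Flag directives the page lists as unsupported by ModSecurity 3.
# Usage: check_modsec3_directives <apache|nginx> <config-file>
# Prints "file:line: Directive" for each hit; returns 1 if any were found.
check_modsec3_directives() {
    connector=$1
    conf=$2
    # Unsupported regardless of connector, per the page.
    unsupported="SecDataDir"
    # Additionally unsupported with the NGINX connector, per the page.
    if [ "$connector" = "nginx" ]; then
        unsupported="$unsupported SecConnEngine SecDisableBackendCompression SecGsbLookupDb SecGuardianLog"
    fi
    awk -v list="$unsupported" -v file="$conf" '
        BEGIN {
            n = split(list, names, " ")
            for (i = 1; i <= n; i++) bad[tolower(names[i])] = names[i]
        }
        /^[ \t]*#/ { next }      # comment lines are ignored
        NF == 0    { next }      # blank lines are ignored
        {
            key = tolower($1)    # the directive name is the first token
            if (key in bad) {
                printf "%s:%d: %s\n", file, NR, bad[key]
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$conf"
}

# Constructed sample of a user configuration file (not from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
SecRuleEngine On
# SecGuardianLog /var/log/guardian.log
SecDataDir /var/tmp/modsec
  secguardianlog /var/log/guardian.log
SecAuditEngine RelevantOnly
EOF
check_modsec3_directives nginx "$sample" || echo "unsupported directives found"
rm -f "$sample"
```
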

Response Codes

ModSecurity 3, when used with NGINX, might issue a 406 response code in scenarios where ModSecurity 2.9 would have returned a 403 response code.
