Overview

ModSecurity 3 is a robust web application firewall. It can be utilized on systems running both Apache and NGINX®. ModSecurity 3 functions as a library, requiring the installation of a compatible connector for your specific web server.

Compatibility

ModSecurity 3 is fully compatible with systems operating either Apache or NGINX.

Install ModSecurity 3

ModSecurity 3 can be installed using two primary methods:

In the Interface

Utilize the EasyApache 4 interface (WHM » Home » Software » EasyApache 4) to install the following packages:

  1. Install one of the following connectors:
    • ea-modsec30-connector-nginx — Install this package if your system runs NGINX.
    • ea-modsec30-connector-apache24 — Install this package if your system runs Apache.
  2. Install the ea-modsec30-rules-owasp-crs package — This package installs the OWASP rule set for ModSecurity 3.

On the Command Line

To install ModSecurity 3 via the command line, execute the following commands:

  1. Install one of the following connectors:
    • If your system runs NGINX, install the NGINX connector with the following command:
      yum install ea-modsec30-connector-nginx
    • If your system runs Apache, install the Apache connector with the following command:
      yum install ea-modsec30-connector-apache24
  2. Run the following command to install the OWASP rule set:
    yum install ea-modsec30-rules-owasp-crs

Configuration Files

The system utilizes different configuration file locations based on the ModSecurity connector installed.

NGINX

If you install the NGINX connector, ModSecurity uses the following configuration files:

  • /etc/nginx/conf.d/modsec30.conf — This file contains your ModSecurity default configuration and Include directives for the modsec30.cpanel.conf and modsec30.user.conf files.
  • /etc/nginx/conf.d/modsec/modsec30.cpanel.conf — This file contains custom configurations and rules defined within the cPanel & WHM user interface.
  • /etc/nginx/conf.d/modsec/modsec30.user.conf — This file contains ModSecurity settings that cannot be configured via cPanel & WHM. Manual editing is required if you wish to utilize this file.
    Important: Exercise caution when editing the modsec30.user.conf file, as incorrect modifications may lead to unexpected system behavior.
  • /etc/nginx/conf.d/modsec_vendor_configs/ — This directory contains your ModSecurity vendor configurations.
  • /var/log/nginx/modsec30_audit/ — This directory contains the ModSecurity log files.

Note: ModSecurity employs concurrent logging with NGINX.

Apache

If you install the Apache connector, ModSecurity uses the following configuration files:

  • /etc/apache24/conf.d/modsec30.conf — This file contains your ModSecurity default configuration and Include directives for the modsec2.cpanel.conf and modsec2.user.conf files.
  • /etc/apache2/conf.d/modsec2.cpanel.conf — This file contains custom configurations and rules defined within the cPanel & WHM user interface.
  • /etc/apache2/conf.d/modsec/modsec2.user.conf — This file contains ModSecurity settings that cannot be configured via cPanel & WHM. Manual editing is required if you wish to utilize this file.
    Important: Exercise caution when editing the modsec2.user.conf file, as incorrect modifications may lead to unexpected system behavior.
  • /etc/apache2/logs/modsec_audit/ — This directory contains the ModSecurity log files.

Note:

  • The Apache configuration file paths utilize modsec2 in their naming convention due to system limitations.
  • ModSecurity logs events concurrently in Apache when mod_ruid2 or mod_mpm_itk are installed. If these modules are not present, it defaults to serial logging.

ModSecurity Rules

The OWASP® ModSecurity Core Rule Set for ModSecurity 3 is provided via RPM. You must install the ea-modsec30-rules-owasp-crs RPM to use this rule set.

Third-Party Rule Sets

You can only install a third-party rule set if it explicitly supports ModSecurity 3.

Attempting to install an unsupported rule set in WHM’s ModSecurity® Vendors interface (WHM » Home » Security Center » ModSecurity® Vendors) with ModSecurity 3 installed will result in the rule set being disabled, and an error will be displayed in the interface.

Rules Format

ModSecurity 3 employs a different rule format compared to ModSecurity 2.

Differences Between ModSecurity 2 and ModSecurity 3

There are several behavioral differences between ModSecurity 2 and ModSecurity 3.

Important: This list is not exhaustive.

Directives

ModSecurity 3 does not support the SecDataDir directive.

ModSecurity 3 with NGINX does not support the following directives:

  • SecConnEngine
  • SecDisableBackendCompression
  • SecDataDir
  • SecGsbLookupDb
  • SecGuardianLog
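
Before moving a ModSecurity 2 configuration under a ModSecurity 3 connector, it helps to scan the configuration files for the directives listed above. The following script is an added example, not part of cPanel's tooling. The function name check_modsec3_conf and the sample configuration are assumptions made for illustration, and the script only knows the directives named on this page.

```shell
#!/usr/bin/env bash
# Added example (not cPanel's tooling). check_modsec3_conf is a hypothetical
# helper name. The directive lists are copied from the "Directives" section
# of this page, which is not exhaustive.
UNSUPPORTED_ANY="SecDataDir"
UNSUPPORTED_NGINX="SecConnEngine SecDisableBackendCompression SecDataDir SecGsbLookupDb SecGuardianLog"

# Usage: check_modsec3_conf <nginx|apache> <file>...
# Prints "file:line: Directive" for each hit; returns 1 on any hit, else 0.
check_modsec3_conf() {
    local connector="$1" names="$UNSUPPORTED_ANY"
    shift
    if [ "$connector" = "nginx" ]; then names="$UNSUPPORTED_NGINX"; fi
    # awk's $1 is the first token on the line, so indentation is ignored and
    # lines that start with "#" never match. Names are compared
    # case-insensitively as a conservative choice.
    awk -v names="$names" '
        BEGIN { n = split(tolower(names), a, " ")
                for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        (tolower($1) in bad) { printf "%s:%d: %s\n", FILENAME, FNR, $1; hits++ }
        END { exit (hits > 0) }
    ' "$@"
}

# Constructed sample of a ModSecurity 2 era user config (not from a real server).
sample_conf() {
    cat <<'EOF'
SecRuleEngine On
# SecDataDir /tmp/example-old
  SecDataDir /tmp/example-data
SecGuardianLog /tmp/example-guardian.log
SecAuditLogType Concurrent
secconnengine Off
EOF
}

demo_file="$(mktemp)"
sample_conf > "$demo_file"
echo "NGINX connector:";  check_modsec3_conf nginx  "$demo_file" || true
echo "Apache connector:"; check_modsec3_conf apache "$demo_file" || true
rm -f "$demo_file"
```

On a real server, point the function at the user configuration file for your connector, for example /etc/nginx/conf.d/modsec/modsec30.user.conf.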

Response Codes

ModSecurity 3 with NGINX may return a 406 response code in situations where ModSecurity 2.9 would typically return a 403 response code.
