ModSecurity® Tools
Valid for versions 82 through the latest version
Version:
82
Last modified: March 25, 2024
Overview
The ModSecurity® Tools interface allows you to install and manage ModSecurity rules.
-
Click Rules List to view the Rules List section of the interface.
-
In the Rules List section of the interface, click Hits List to return to the Hits List section of the interface.
You must install the ModSecurity Apache module in order to use this interface. Use WHM’s EasyApache 4 interface (WHM » Home » Software » EasyApache 4) or your package manager to install the ModSecurity Apache module.
EasyApache 4 loads the /etc/apache2/conf.d/modsec/modsec2.cpanel.conf and /etc/apache2/conf.d/modsec/modsec2.user.conf files as an include.
- This file’s rules may still affect the way in which ModSecurity functions, which may result in false positives on your system.
- If you see many false positives, check this file for custom rules.
Hits List
Use the Hits List section of the interface to view your server’s history of rule events. To edit or disable the ModSecurity rule that generated a hit, click Rule ID.
The Hits List shows only the most relevant hit for individual requests. You must check the logs to see a full history of rule events. For more information on event logs, read our Apache Module Modsecurity Configuration documentation.
Report a rule
If you find a problem with a vendor’s rule, perform the following steps to report the issue to the rule’s vendor:
-
Locate the hit that the rule generated in the Hits List and click More.
-
Click Report this hit.
Note:This option does not appear if the vendor does not accept reports. -
Enter your email address, the reason for the report, and any additional comments for the vendor.
-
Click Review Report.
-
Verify the information in your report and click Submit.
Rules List
Filter rules
To filter the list of rules, click the Vendor button in the right corner of the table. Click the vendors that you wish to display in the Vendors menu and click Apply. To deselect a vendor, hold the Control key while you click the vendor.
Add a rule
To add a rule, perform the following steps:
-
Click Add Rule. A new interface will appear.
-
Enter the rule in the Rule Text text box.
-
To enable the rule when you deploy the configuration, select the Enable Rule checkbox.
-
To deploy the rule and restart Apache immediately, select the Deploy and Restart Apache checkbox.
-
Click Save.
Edit a rule
To edit a rule, perform the following steps:
-
Click Edit for the rule that you wish to update.
-
Make the desired changes in the Rule Text text box.
-
Click Save.
You cannot edit vendor rules. To remove all of a vendor’s rules from your system, use the ModSecurity® Vendors interface (WHM » Home » Security Center » ModSecurity® Vendors).
Copy a rule
To copy a rule, perform the following steps:
-
Click Copy for the rule that you wish to update.
-
Make any desired changes in the Rule Text text box.
-
Click Save.
Edit all rules
To edit all of your rules, perform the following steps.
-
Click Edit Rules.
-
Enter the desired changes in the Rules text box.
-
Click Save.
You cannot edit vendor rules. To remove all of a vendor’s rules from your system, use the ModSecurity® Vendors interface (WHM » Home » Security Center » ModSecurity® Vendors).
Enable or disable a rule
To enable or disable a ModSecurity rule, click Enable or Disable in that rule’s row.
Delete a rule
To delete a rule, perform the following steps:
-
Click Delete for the rule that you wish to delete.
-
Click Delete to confirm your action.
You cannot delete vendor rules. To remove all of a vendor’s rules from your system, use the ModSecurity® Vendors interface (WHM » Home » Security Center » ModSecurity® Vendors).
ModSecurity database script
To create the ModSecurity database manually, run the following command:
/usr/local/cpanel/scripts/setup_modsec_db