Install and Configure ModSecurity

What is ModSecurity?

ModSecurity™ is a web application firewall (WAF). With over 70% of all attacks now carried out over the web application level, organizations need every help they can get in making their systems secure. WAFs are deployed to establish an external security layer that increases security, and detects and prevents attacks before they reach web applications. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.

Install ModSecurity

ModSecurity is installed by default with cPanel servers via EasyApache. Your ModSecurity logs will be located at /usr/local/apache/logs/audit_log. 

Configuring ModSecurity

1. Log in to WHM

2. Click Add-Ons

3. Click ModSecurity

4. Click Edit

5. Add your ModSecurity rules

   Some basic rules to start with (you can go ahead and copy and paste these if you want):

   SecFilter "bcc:|Bcc:|BCc:|BCC:|bCc:|bCC:|bcC:|BcC:" chain
   SecFilter "[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}\,\x20[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}"

    

For ModSecurity documentation, please visit their website.