Automated attack bots bombard web apps with malicious requests as soon they go online. Attackers target every website and ecommerce store eventually, hoping to find a vulnerability they can exploit to inject code, misuse resources, or steal data. In 2019, bad bots generated a quarter of all web traffic. cPanel & WHM includes many features that help web hosts and site administrators to repel bad bots, including the ModSecurity web application firewall (WAF).
cPanel & WHM has supported ModSecurity 2 for many years, and in cPanel 92, we introduced support for ModSecurity 3. It should be emphasized that ModSecurity 3 support is experimental, but it offers a couple of significant advantages:
- ModSecurity 3 is faster than earlier versions.
- It does not depend on Apache and can be used with other web servers, including NGINX.
In this article, we’re going to look at what ModSecurity does and how you can install and configure ModSecurity 3 on cPanel & WHM.
What Is Apache ModSecurity and How Does It Work?
ModSecurity is a web application firewall. It monitors incoming web traffic for threats in real-time, blocking malicious connections before they reach applications. ModSecurity is a rule-based firewall; it compares requests to a list of rules, looking for patterns that match attacks such as SQL injection, session hijacking, cross-site scripting, and more.Rules are typically provided as a rule set created by a third party, although users can add their own. The Open Web Application Security Project® (OWASP) Core Rule Set is the most widely used. It includes rules that protect web apps against a wide range of threats, including the OWASP Top Ten, a regularly updated list of the most common attacks.You may be wondering how web-application firewalls differ from the network firewall your server already has. Do you need both? Network firewalls protect servers from malicious traffic at the network layer, as discussed in ‌How To Survive a DDoS Attack, which explains how to install and configure the Config Server Security Firewall (CSF) with cPanel & WHM.Network firewalls like CSF can’t filter attacks against web applications because they look like legitimate web requests. In contrast, WAFs are specialized to work at the application layer, identifying potentially harmful HTTP requests. If you host web apps on your cPanel server, it’s a good idea to use both a network firewall like CSF and a WAF like ModSecurity.
How to Install ModSecurity in cPanel
To install ModSecurity 3, you will need root access to your server, both on the command line with SSH and in WHM. Because ModSecurity 3 support is experimental, you must first install the EasyApache4 experimental repository.Log in to your server with SSH and run the following command:
yum install ea4-experimental
Next, we’ll install the connector that allows ModSecurity to work with a web server. We provide two connectors, one for Apache and one for NGINX. They can be installed in the shell or WHM.First, you’ll need to uninstall ModSecurity 2:
yum remove ea-apache24-mod_security2
In the shell, install the relevant connector with one of:
yum install ea-modsec30-connector-apache24 yum install ea-modsec30-connector-nginx