ModSecurity is a web application firewall that provides script request filtering to prevent poor or malicious coding from being executed or exploited on a Linux server. This module is easily installed when running a cPanel server by using the EasyApache application and is highly recommended to enhance your server’s security. Install GotRoot ModSecurity rules on a cPanel server and you further enhance the effectiveness of this application, as the default rule set provide by Mode Security is pretty basic.
The GotRoot rules compiled by Atomicorp dramatically improve ModSecurity’s effectiveness while reducing false positives, and Atomicorp provide a free release of these rules(delayed by at least 90 days) which are relatively easy to install.
To install GotRoot ModSecurity rules on a cPanel server, login to your server via SSH as root and then perform the following steps
1. First create required directories
2. Change permissions for folders(cPanel)
chown nobody.nobody /var/asl/data/msa
chown nobody.nobody /var/asl/data/audit
chown nobody.nobody /var/asl/data/suspicious
chmod o-rx -R /var/asl/data/*
chmod ug+rwx -R /var/asl/data/*
3. Upload rules to /etc/httpd/modsecurity.d – (include the .conf files listed below as well as .txt files)
4. Add the following lines to the user configuration file - (/usr/local/apache/conf/modsec2.user.conf)
SecResponseBodyMimeType (null) text/html text/plain text/xml
Add the following to the php.ini file to avoid PCRE errors:
pcre.backtrack_limit = 50000
pcre.recursion_limit = 50000