How to enable ModSecurity in cPanel | Dedicated Server?
ModSecurity works in the background: every page request is checked against various rules, and requests that seem malicious are filtered out. Over 70% of all attacks come at the web application level.
ModSecurity is an open-source web-based firewall application. It is supported by different web servers. Follow the procedure below to enable ModSecurity for your domains:
1. Log in to your cPanel
2. Go to the Security section
3. Click ModSecurity
(i) Configure All Domains
You can enable/disable ModSecurity for all your domains.
(ii) Configure Individual Domains
You can enable ModSecurity for particular domains.
4. Status: On -> ModSecurity is enabled
   Status: Off -> ModSecurity is disabled
ModSecurity is configured to protect web applications from various attacks, and it supports a flexible rule engine that can perform both simple and complex operations. It comes with a Core Rule Set which has various rules for:
[1] Cross-site scripting
[2] Bad user agents
[3] SQL injection
[4] Trojans
[5] Session hijacking
[6] Other exploits
ModSecurity Errors
------------------
The most common error triggered by a mod_security rule on servers is the 403 Forbidden error. It simply states that you do not have permission to access / on the server. Depending on the exact link where you get the error, the path may vary. Sometimes, due to poor website coding, mod_security may incorrectly determine that a certain request is malicious when it is actually legitimate. When that happens, you still get a 403 error.
NOTE: Besides the 403 Forbidden error, you may also receive 404 Not Found or 500 Internal Server Error responses.
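To tell a false positive from a real block, it helps to see which rule denied which URL and for how many different visitors. The script below is an added example, not part of the original article: it assumes denials are written to the Apache error log in the ModSecurity 2.x style, and every log line, rule id, hostname, path and address in it is constructed sample data.

```python
import re
from collections import defaultdict

DENY = re.compile(r"ModSecurity: Access denied with code (\d{3})")
FIELD = re.compile(r'\[(id|msg|hostname|uri) "((?:[^"\\]|\\.)*)"\]')
CLIENT = re.compile(r"\[client (\d{1,3}(?:\.\d{1,3}){3})")  # IPv4 only in this sketch

def _line(client, rule_id, msg, uri):
    """Build one constructed log entry (not real traffic)."""
    return ('[Tue Mar 05 10:12:01 2024] [:error] [pid 101] [client %s:40112] '
            'ModSecurity: Access denied with code 403 (phase 2). '
            '[file "/constructed/rules.conf"] [line "45"] [id "%s"] [msg "%s"] '
            '[hostname "shop.example.com"] [uri "%s"] [unique_id "x"]'
            % (client, rule_id, msg, uri))

SQLI = "SQL Injection Attack Detected via libinjection"
SAMPLE_LOG = "\n".join([
    _line("198.51.100.7", "942100", SQLI, "/admin/save-post.php"),
    _line("203.0.113.20", "942100", SQLI, "/admin/save-post.php"),
    _line("198.51.100.7", "942100", SQLI, "/admin/save-post.php"),
    _line("192.0.2.44", "941100", "XSS Attack Detected via libinjection", "/search.php"),
    "[Tue Mar 05 10:12:09 2024] [core:error] [pid 101] File does not exist: /constructed/favicon.ico",
])

def summarize(log_text):
    """Group ModSecurity denials by (rule id, hostname, uri)."""
    hits = defaultdict(lambda: {"count": 0, "code": "", "msg": "", "clients": set()})
    for line in log_text.splitlines():
        deny = DENY.search(line)
        if not deny:
            continue  # not a ModSecurity denial
        f = dict(FIELD.findall(line))
        entry = hits[(f.get("id", "?"), f.get("hostname", "?"), f.get("uri", "?"))]
        entry["count"] += 1
        entry["code"], entry["msg"] = deny.group(1), f.get("msg", "")
        client = CLIENT.search(line)
        if client:
            entry["clients"].add(client.group(1))
    return hits

def false_positive_candidates(hits, min_clients=2):
    """Heuristic: one rule denying the same URI for several distinct clients
    is worth reviewing as a possible false positive. It is not proof."""
    return sorted(k for k, v in hits.items() if len(v["clients"]) >= min_clients)

if __name__ == "__main__":
    hits = summarize(SAMPLE_LOG)
    for (rule, host, uri), v in sorted(hits.items()):
        print(rule, host, uri, v["code"], v["count"], len(v["clients"]), v["msg"])
    print("review:", false_positive_candidates(hits))
```

A rule id that keeps appearing for one legitimate page is the detail to give your hosting provider or server administrator when asking for that rule to be reviewed.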