Check website attacks in ModSecurity WHM
ModSecurity is already installed with WHM but you need to configure it before it can start working properly.
Once configured login to your WHM panel. Click ‘ModSecurity Configuration’ with in Security Center.
By default the hundred of modsecurity rules are default enabled in the WHM by ModSecurity™ Vendors.
If you want to know the Rules list >> Security Center >> ModSecurity™ Tools >> Rules List
Once clicked you can see the numerous rules sets.
Test rule and view the logs
For example – Someone perform any vulnerability scripts, plugins or themes if the modsecurity rule ID matches the strings in Rules, it will block the web request and report to the logs.
The website through error as “404 page not found” like below.
As you can see in the image below that the attack we just simulated is logged inside WHM, just click ‘ModSecurity Tools’ under security center and you can see all the attack logs. You can see following details about the attack:
- URL For the web attack.
- How was this request handled.
- Which rule this attack matched against.
How to white list the ModSecurity rule ID
First you have install the plugin “ConfigServer ModSecurity Control” in WHM panel by using below steps.
Download and install cmc “ConfigServer ModSecurity Control”
cd /usr/src rm -fv /usr/src/cmc.tgz wget http://download.configserver.com/cmc.tgz tar -xzf cmc.tgz cd cmc sh install.sh rm -Rfv /usr/src/cmc*
Login to WHM and scroll to the bottom of the left hand menu and you should see “ConfigServer ModSecurity Control”
You can add ModSecurity rule ID numbers that you want to be globally disabled.
Alternatively, you can disable rules on a per cPanel account or per domain basis by selecting a user.
Else If you wants whitelist the rule ID for particular domain name, Follow the below Steps
Click the domain name “orissawebtesting.com” >> Modify user whitelist >> It will redirects to another page.
There enter the rule Id Which you wants to enable it >> Click “Save whitelist for all orissawebtest domains.
Once you clicked, it take some time for REBUILDING and RESTARTING the Apache.
Once Apache Restarted >> You can see the success message as above >> Now all done.
Now your website will load fine and you can perform the back-end processes.
Now that you can know the step whitelist the ModSecurity rule ID.