I was looking for easy-to-follow mod_security ruleset setup instructions for a cPanel server and found the following website: http://www.ukhost4u.com/blog/248/configuring-modsecurity-with-atomicorp-free-rule-sets/
I have a WHM/cPanel server with CSF/LFD installed and mod_security enabled.
I used to log in to WHM/cPanel from one of my local Windows boxes through a Linux (CentOS 5) NAT gateway (with a public IP address). One day CSF/LFD on the server blocked my gateway from accessing it.
I'm going through a fresh mod_security on top of WHM/cPanel and have a question about syntax of adding rules via the "ModSecurity Tools" GUI interface. I go to security center -> modsecurity tools -> custom rules list -> add rule and am presented with a box to dump a ruleset in.
The question is, in the WHM visual (GUI) rule-maker area, do I include the SecRule part on the rule or is that redundant?
Currently I'm looking into implementing mod_security on all our Apache servers. The installation on CentOS 5.5 comes directly with the "Core Rule Set" by the mod_security devs (curiously, Debian and Ubuntu do not carry these).
They also offer the Enhanced Rule Set for mod_security in a commercial package.
Mod_Security is a free and open source web application firewall for Apache and Nginx. It is very useful for protecting your web server from various attacks by blocking most of the known exploits using regular expressions and rule sets. Mod_security can detect attacks by monitoring and analyzing HTTP traffic in real time.