I would like to run a simple test to see if ModSecurity is indeed working on my cpanel install. I noticed the wget test on
http://www.atomicorp.com/wiki/index.php ... ules#Notes
but I am not sure if that test will work for the rules included for the cpanel install.
Test ModSecurity Cpanel Install
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Test ModSecurity Cpanel Install
Do you mean the default cpanel modsecurity rules? I dont think they stop that kind of attack.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Test ModSecurity Cpanel Install
This is listed at the default for cpanel. I would like to test somehow that they are working. The wget test did not work for me, should it have? If not, what would be another test?
Code: Select all
SecRequestBodyAccess On
SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial
Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Test ModSecurity Cpanel Install
Oh, I apologize I misunderstood you. You mean *our* modsecurity configuration using *our* rules. Yes, our rules stop that attack, and that test procedure will work provided you installed and configured modsecurity exactly as described in this document:
https://www.atomicorp.com/wiki/index.ph ... rity_Rules
You'll find the test procedure here:
https://www.atomicorp.com/wiki/index.ph ... are_loaded
https://www.atomicorp.com/wiki/index.ph ... rity_Rules
You'll find the test procedure here:
https://www.atomicorp.com/wiki/index.ph ... are_loaded
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone