Test ModSecurity Cpanel Install

[DustinO]

I would like to run a simple test to see if ModSecurity is indeed working on my cpanel install. I noticed the wget test on

http://www.atomicorp.com/wiki/index.php ... ules#Notes

but I am not sure if that test will work for the rules included for the cpanel install.

[mikeshinn]

Do you mean the default cpanel modsecurity rules? I dont think they stop that kind of attack.

[DustinO]

This is listed at the default for cpanel. I would like to test somehow that they are working. The wget test did not work for me, should it have? If not, what would be another test?

Code: Select all

SecRequestBodyAccess On
 SecAuditLogType Concurrent
 SecResponseBodyAccess On
 SecResponseBodyMimeType (null) text/html text/plain text/xml
 SecResponseBodyLimit 2621440
 SecAuditLogRelevantStatus "^(?:5|4(?!04))"
 SecServerSignature Apache
 SecUploadDir /var/asl/data/suspicious
 SecUploadKeepFiles Off
 SecAuditLogParts ABIFHZ
 SecArgumentSeparator "&"
 SecCookieFormat 0
 SecRequestBodyInMemoryLimit 131072
 SecDataDir /var/asl/data/msa
 SecTmpDir /tmp
 SecAuditLogStorageDir /var/asl/data/audit
 SecResponseBodyLimitAction ProcessPartial
  
 Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
 Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
 Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
 Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
 Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
 Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
 Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf

[mikeshinn]

Oh, I apologize I misunderstood you. You mean *our* modsecurity configuration using *our* rules. Yes, our rules stop that attack, and that test procedure will work provided you installed and configured modsecurity exactly as described in this document:

https://www.atomicorp.com/wiki/index.ph ... rity_Rules

You'll find the test procedure here:

https://www.atomicorp.com/wiki/index.ph ... are_loaded