ModSecurity® Vendors

Valid for versions 98 through the latest version

Version:

98

Last modified: June 13, 2024


Looking for this interface?
Note:

Your hosting provider can enable or disable this interface for resellers in WHM's Edit Reseller Nameservers and Privileges interface (WHM >> Home >> Resellers >> Edit Reseller Nameservers and Privileges).

Overview

Important:

You must install the ModSecurity Apache module in order to use this interface.

Use WHM’s EasyApache 4 interface (WHM » Home » Software » EasyApache 4) or your package manager to install the ModSecurity Apache module.

The ModSecurity® Vendors interface allows you to install and manage your ModSecurity vendors.

EasyApache 4 loads the /etc/apache2/conf.d/modsec/modsec2.cpanel.conf and /etc/apache2/conf.d/modsec/modsec2.user.conf files as an include. The rules in these files can affect the way in which ModSecurity functions, which may result in false positives on your system. If you see many false positives, check these files for custom rules.

Manage Vendors

Use this section of the interface to manage your ModSecurity vendors.

You can also run the /usr/local/cpanel/scripts/modsec_vendor script as the root user to manage your ModSecurity vendors.

Add a third-party ModSecurity vendor

You can add a third-party ModSecurity vendor in two ways.

Install a vendor via URL

To install a third-party ModSecurity vendor that provides rules via a URL, perform the following steps:

  1. Click Add Vendor. A new interface will appear.

  2. In the Vendor Configuration URL text box, enter the URL for the ModSecurity vendor.

  3. Click Load. The Vendor Name, Vendor Description, Vendor Documentation URL, and Vendor Path text boxes automatically load vendor data.

  4. After you confirm that the vendor data is correct, click Save.

Note:

We strongly recommend that you use an SSL-secured URL as the Vendor Configuration URL. This ensures that no one can tamper with vendor-provided updates.

Install a vendor via package manager

To install a third-party ModSecurity vendor that provides rules via a package manager, perform the following steps:

  1. Ensure that the yum repository exists on your server. Yum repositories are located in the /etc/yum.repos.d/ directory. If the repository exists, you will find a .repo file for the vendor in that directory. For more information, read our Package Manager Basics documentation.
  2. Run the following command, where modsecurity-vendor represents the vendor’s package file:
    Operating SystemCommand
    CentOS 7yum install modsecurity-vendor
    AlmaLinux OS and Rocky Linux™dnf install modsecurity-vendor
    Ubuntu®apt install --purge modsecurity-vendor

  3. The vendor’s rule set will appear in the interface.

Install a cPanel-provided ModSecurity vendor

To install a cPanel-provided ModSecurity vendor, click Install for that vendor, and then click Install and Restart Apache.

cPanel & WHM provides the OWASP® ModSecurity Core Rule Set in two forms:

  • To install the new version of the rule set, you must install the ea-modsec2-rules-owasp-crs package in the Additional Packages section of WHM’s EasyApache 4 interface (WHM » Home » Software » EasyApache 4). This will install the package version of the rules, and will replace the previous rule set. This version receives updates frequently.
  • To use the older version of the rule set, click Install next to OWASP® ModSecurity Core Rule Set V3.0 in the table. This rule set is not currently updated.

Enable or disable a vendor

  • To enable a vendor, click On in the Enabled column for that vendor.

  • To disable a vendor, click Off in the Enabled column for that vendor.

Enable or disable updates

When you enable updates, the system retrieves new copies of the vendor metadata from the URL that you used during vendor installation. The system compares the downloaded metadata and automatically fetches and installs new versions of the rule set.

  • To enable automatic updates for a vendor, click On in the Updates column.

  • To disable automatic updates for a vendor, click Off in the Updates column.

The system checks for vendor updates when the /usr/local/cpanel/scripts/upcp script runs. For more information, read our How to Update Your System and Update Preferences documentation.

Edit a vendor

The ModSecurity vendor rule sets group common rules into separate configuration files. To selectively enable or disable the configuration files, edit the vendor.

To edit a ModSecurity vendor, perform the following steps:

  1. Click Edit for the vendor that you wish to edit.

  2. Click Enable All, click Disable All, or click the toggle to enable or disable each configuration file.

Delete a vendor

To delete a ModSecurity vendor, locate the vendor in the list, click Delete, and then click Delete.

Warning:

cPanel’s Redirects interface (cPanel » Home » Domains » Redirects) is not compatible with ModSecurity. To add a redirect, you must disable the REQUEST-931-APPLICATION-ATTACK-RFI.conf file in WHM’s ModSecurity® Tools interface (WHM » Home » Security Center » ModSecurity® Tools).

Additional Documentation