ModSecurity is a web application firewall that filters script requests to prevent poor or malicious code from being executed or exploited on a Linux server. On a cPanel server the module is easily installed with the EasyApache application, and it is highly recommended to enhance your server's security. However, the default rules supplied by the application are quite basic and can also produce a high level of false positives, which becomes a major pain to deal with when you manage a shared hosting environment.
The GotRoot rules compiled by Atomicorp are a fantastic alternative and dramatically improve ModSecurity's effectiveness while reducing false positives. Atomicorp provides a free release of these rules (delayed by at least 90 days), which is relatively easy to install on your cPanel server.
Log in to your server via SSH as root and then perform the following steps:
1. First create required directories
2. Change permissions for folders (cPanel)
chown nobody:nobody /var/asl/data/msa
chown nobody:nobody /var/asl/data/audit
chown nobody:nobody /var/asl/data/suspicious
chmod o-rx -R /var/asl/data/*
chmod ug+rwx -R /var/asl/data/*
3. Upload the rules to /etc/httpd/modsecurity.d (include the .conf files listed below as well as the .txt files)
4. Add the following lines to the user configuration file (/usr/local/apache/conf/modsec2.user.conf)
SecResponseBodyMimeType (null) text/html text/plain text/xml
Add the following to the php.ini file to avoid PCRE errors:
pcre.backtrack_limit = 50000
pcre.recursion_limit = 50000
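A post-install check for step 2 and the php.ini change above, as an added example that is not part of the original article or Atomicorp's tooling. It assumes GNU stat; the function names and the `--run` switch are hypothetical, and the php.ini path is passed in because the article does not name it.

```shell
#!/bin/sh
# Added example: verifies the directory permissions and PCRE limits set above.

# check_dir DIR USER GROUP: pass only if DIR exists, is owned by USER:GROUP,
# has rwx for user and group, and grants nothing to "other" (step 2's result).
check_dir() {
    [ -d "$1" ] || { echo "FAIL $1: missing"; return 1; }
    _own=$(stat -c '%U:%G' "$1")
    _mode=$(( 0$(stat -c '%a' "$1") ))      # permission bits, read as octal
    [ "$_own" = "$2:$3" ] || { echo "FAIL $1: owner is $_own"; return 1; }
    [ $(( $_mode & 0770 )) -eq $(( 0770 )) ] || { echo "FAIL $1: user/group lack rwx"; return 1; }
    [ $(( $_mode & 07 )) -eq 0 ] || { echo "FAIL $1: accessible to other users"; return 1; }
    echo "OK   $1"
}

# ini_value FILE KEY: print the last uncommented value assigned to KEY.
ini_value() {
    awk -F= -v k="$2" '
        { n = $1; gsub(/[ \t]/, "", n) }
        n == k { v = $2; sub(/;.*/, "", v); gsub(/[ \t\r]/, "", v); last = v }
        END { print last }' "$1"
}

# check_pcre FILE: pass only if both limits from the article are set to 50000.
check_pcre() {
    _rc=0
    for _k in pcre.backtrack_limit pcre.recursion_limit; do
        _v=$(ini_value "$1" "$_k")
        if [ "$_v" = "50000" ]; then echo "OK   $_k = $_v"
        else echo "FAIL $_k = ${_v:-unset}"; _rc=1; fi
    done
    return $_rc
}

# Usage: sh check.sh --run /path/to/php.ini   (php.ini path is site-specific)
if [ "${1:-}" = "--run" ]; then
    _bad=0
    for _d in /var/asl/data/msa /var/asl/data/audit /var/asl/data/suspicious; do
        check_dir "$_d" nobody nobody || _bad=1
    done
    check_pcre "$2" || _bad=1
    exit $_bad
fi
```

A FAIL on "accessible to other users" means the ModSecurity audit data, which can contain request bodies, is still readable by other accounts on the shared host.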