BuycPanel Blog

BuycPanel Blog

Latest news and updates

3/16/2015 – Is cPanel Compatible with mod_security?

Posted by Jamison on 16 03 2015.

Today’s digital landscape is steadily evolving to offer more convenineces and better functions for clients who want to manage and modify their websites without high levels of IT expertise.


The problem is, you still need some IT expert-level plugins and other functions to protect your system. As time goes on, various attacks can happen to your system and new types of threats are always being developed that can compromise your data and your website.


One way to protect your website is through mod_security


Mod_security is an apache module that helps to protect your website from various attacks. It is used to block commonly known exploits by use of regular expressions and rule sets and is enabled on all InMotion servers by default.


Mod_Security can potentially block common code injection attacks which strengthens the security of the server. If you need to disable the mod_security rules we can show you how, and help you do so.


When coding a dynamic website, sometimes users forget to write code to help prevent hacks by doing things such as validating input. Mod_security can help in some cases those users that run sites that don’t have security checks in their code.


Mod_Security can potentially block common code injection attacks which strengthens the security of the server.


How to install mod_security


So now that you know mod_security is compatible with cPanel and WHM, here’s how to install it:


If you log into WHM and go to:


  • Plugins –> mod_security you will see several instances of where the mod_security rules are being triggered for your site


Since mod_Security is a web application firewall that provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis, you sometimes have to allow websites and other services to access your website—especially if you have new plugins.


Keep in mind that mod_security rules are triggered when the firewall sees what it considers to be suspicious activity. The block is triggered against a specific rule and recorded at the log view via Plugins –> ModSecurity. You review the content of these rules by clicking on the “Edit Config” button. Some of your updates and content can be blocked if you haven’t allowed them.


The most immediate solution to this issue is to remove the mod_sec blocked IP rules in ConfigServer Security & Firewall.


How to fix mod_security


Here’s how to fix your Firewall and Security settings to allow some content:


ConfigServer Security & Firewall: WHM Home > Plugins > ConfigServer Security & Firewall > Firewall Deny IP’s > Remove Line Containing IP > Change > Restart CSF / LFD


ConfigServer Security & Firewall is your second firewall, it protects you against Port Scans, HTTP auth brute force attempts, SSH login attempts etc:


This will allow the IP’s of those clients that were being blocked to work again.


It is highly recommended that you install mod-security and take the time to configure it to the services and users you allow. This protects your website and content from the evolving threats of the internet.