cPanel is a Linux-based web hosting control panel. Because it is web-based, it needs a firewall to protect the uploaded websites and files from external threats. As a web application firewall, ModSecurity helps protect against certain types of threats such as DoS, brute force or malicious breaches. It is designed as an Apache module. It protects the sites and files uploaded to cPanel from such threats, depending on the ruleset in use.
The tools that configure ModSecurity cannot do anything unless the module is installed in Apache. If you find that ModSecurity is not installed, you can install it through an interface called EasyApache. Before starting the build process, make sure that you have selected ModSecurity. After the build process is completed, the first step is to add a ruleset. The easy way to add a ruleset is in WHM at Home >> Security Center >> ModSecurity™ Vendors. A cPanel-curated OWASP ruleset is available by default. If you prefer to use a different ruleset instead of OWASP, check with its developer; if they make it available as a vendor, you can add that ruleset through WHM.
Any modifications needed to the installed ruleset can be made in WHM at Home >> Security Center >> ModSecurity™ Tools.
If the applied ruleset is not suitable for a specific site, you can disable the specific rules that cause problems or report the false positives to the developer of the ruleset. Reporting them allows the developer to change the ruleset, and the updated ruleset will be applied automatically by cPanel/WHM during daily maintenance. ModSecurity also provides a list of rules that makes it easy to enable or disable them, but this applies only to manually added rules. Vendor rules can be enabled or disabled individually when needed.
A few rules are not compatible with mod_ruid2. Because of the interactions between permissions and owners/users, rules that store values in files will not work with mod_ruid2. Rules that do not work with mod_ruid2 will mostly tend to be incompatible with mpm-itk as well.
If you are unsure whether a ruleset contains rules that need to store values in files, check with the developer before trying to use it on a server running mod_ruid2 or mpm-itk.
If you install ConfigServer Security & Firewall on the server, you will be able to enable a feature called LF_MODSEC. When this feature is enabled, any IP address that repeatedly triggers modsec rules within a certain time period will be blocked. Before enabling this firewall feature, you have to be sure that modsec is appropriate for that particular server.
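One way to judge that before turning on blocking is a dry run over the Apache error log. The script below is an added example, not code from cPanel or ConfigServer. It lists the IP addresses that would reach a trigger threshold inside a time window, together with the rule IDs they hit, so false positives can be spotted first. The function name `would_block`, the threshold and window values, and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the Apache 2.4 error_log style (documentation IP ranges).
SAMPLE_LOG = """\
[Wed Mar 06 10:15:01.120000 2024] [:error] [pid 4101] [client 203.0.113.5:51514] ModSecurity: Access denied with code 403 (phase 2). [id "942100"] [uri "/login.php"]
[Wed Mar 06 10:15:09.300000 2024] [:error] [pid 4101] [client 203.0.113.5:51520] ModSecurity: Access denied with code 403 (phase 2). [id "942100"] [uri "/login.php"]
[Wed Mar 06 10:15:20.000000 2024] [:error] [pid 4102] [client 198.51.100.7:40211] ModSecurity: Access denied with code 403 (phase 2). [id "920350"] [uri "/"]
[Wed Mar 06 10:15:31.000000 2024] [:error] [pid 4101] [client 203.0.113.5:51533] ModSecurity: Access denied with code 403 (phase 2). [id "941100"] [uri "/search.php"]
[Wed Mar 06 10:16:00.000000 2024] [core:error] [pid 4101] [client 192.0.2.9:40000] AH00126: Invalid URI in request
[Wed Mar 06 10:20:00.000000 2024] [:error] [pid 4102] [client 198.51.100.7:40300] ModSecurity: Access denied with code 403 (phase 2). [id "920350"] [uri "/"]
[Wed Mar 06 10:40:00.000000 2024] [:error] [pid 4102] [client 198.51.100.7:40388] ModSecurity: Access denied with code 403 (phase 2). [id "920350"] [uri "/"]
"""

# Timestamp, IPv4 client address (optional port) and rule id of a ModSecurity entry.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\].*?\[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\] '
    r'ModSecurity: .*?\[id "(?P<rule>\d+)"\]')

def would_block(log_text, threshold=5, window_seconds=3600):
    """Return {ip: sorted rule ids} for IPs with >= threshold hits inside the window.
    Assumes the log is in chronological order; threshold/window are illustrative."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the sliding window
    rules = defaultdict(set)      # ip -> every rule id that ip has triggered
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:                 # not a ModSecurity entry
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # drop hits that fell out of the window
            hits.popleft()
        rules[m["ip"]].add(m["rule"])
        if len(hits) >= threshold:
            flagged.add(m["ip"])
    return {ip: sorted(rules[ip]) for ip in flagged}

if __name__ == "__main__":
    print(would_block(SAMPLE_LOG, threshold=3, window_seconds=60))
```

If a flagged address turns out to be a legitimate client, the rule IDs listed for it are the ones to review or disable for that site before blocking is switched on.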
It can be concluded that using ModSecurity makes the procedure easy to handle and helps protect the files from external threats.