BuycPanel Blog

What is the ModSecurity Guardian Log?

Posted by Allura on 03 12 2018.

Introduction

This post covers how to install and configure Apache’s httpd-guardian script. The script lets you use ModSecurity™’s SecGuardianLog directive. It monitors web server requests through the piped logging mechanism to detect Denial-of-Service (DoS) attacks. The script tracks the number of requests that each IP address sends and calculates the request speed over intervals of one minute and five minutes. When an IP address reaches a specified request threshold, the httpd-guardian script does one of two things:

  • Either it emits a warning
  • Or it blocks the IP address.

Error messages from the script are written to the /var/log/apache2/error_log file.

After downloading and configuring the script, you set its path in the GuardianLog section of WHM’s ModSecurity Configuration interface (WHM >> Home >> Security Center >> ModSecurity Configuration).
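The per-IP rate tracking described above, sketched as a simplified sliding-window tracker. This is an added example, not the httpd-guardian script's own code or algorithm; the thresholds, the `RateTracker` and `scan` names, and the (timestamp, IP) input are assumptions for illustration, and the traffic is constructed.

```python
from collections import defaultdict, deque

# Assumed thresholds in requests per second (illustrative values only).
THRESHOLD_1MIN = 2.0  # average over the last 60 seconds
THRESHOLD_5MIN = 1.0  # average over the last 300 seconds

class RateTracker:
    """Per-IP request-rate tracker over 1-minute and 5-minute windows."""

    def __init__(self, t1=THRESHOLD_1MIN, t5=THRESHOLD_5MIN):
        self.t1, self.t5 = t1, t5
        self.hits = defaultdict(deque)  # ip -> timestamps from the last 300 s
        self.flagged = set()            # IPs already reported once

    def observe(self, ts, ip):
        """Record one request; return an alert on the first threshold breach."""
        q = self.hits[ip]
        q.append(ts)
        while q[0] <= ts - 300:         # expire hits older than five minutes
            q.popleft()
        rate1 = sum(1 for t in q if t > ts - 60) / 60.0
        rate5 = len(q) / 300.0
        if ip in self.flagged or (rate1 <= self.t1 and rate5 <= self.t5):
            return None
        self.flagged.add(ip)
        return {"ip": ip, "window": "1min" if rate1 > self.t1 else "5min",
                "rate_1min": round(rate1, 2), "rate_5min": round(rate5, 2)}

def scan(events):
    """Feed time-ordered (timestamp, ip) pairs through one tracker."""
    tracker = RateTracker()
    return [a for ts, ip in events if (a := tracker.observe(ts, ip))]

def sample_events():
    """Constructed traffic: a burst, a sustained flood, and a normal client."""
    burst = [(1000 + i * 0.2, "198.51.100.7") for i in range(150)]   # 5 req/s
    steady = [(1000 + i / 1.5, "203.0.113.9") for i in range(450)]   # 1.5 req/s
    normal = [(1000 + i * 5, "192.0.2.10") for i in range(60)]       # 0.2 req/s
    return sorted(burst + steady + normal)

if __name__ == "__main__":
    for alert in scan(sample_events()):
        print(alert)
```

The burst client trips the one-minute threshold, while the slower sustained client stays under it and is caught only by the five-minute average. An alert like this is the point at which a warn or block action would be taken.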

Steps to Install and Configure the httpd-guardian Script

Steps

  1. First, download the Apache-tools repository from SourceForge.net. Run the following command as the root user to perform this step:

cvs -z3 -d:pserver:anonymous@a.cvs.sourceforge.net:/cvsroot/apache-tools co -P apache-tools

Note that if the Concurrent Versioning System (CVS) is not installed on the server, you can install it with the yum install cvs command.

  2. Next, open the /root/apache-tools/httpd-guardian file with a text editor and make the configuration changes you want. To log the data received from Apache, set the COPY_LOG variable’s value to the file path of the log file.

Example:

# $COPY_LOG = "/var/lib/http-guardian.log";
my $COPY_LOG;

  3. Log in to the WHM interface as the root user and navigate to WHM’s ModSecurity Configuration interface (WHM >> Home >> Security Center >> ModSecurity Configuration).
  4. Enter the httpd-guardian script’s path in the GuardianLog setting’s text box, as in the following example:

/root/apache-tools/httpd-guardian

  5. After saving the changes in WHM’s ModSecurity Configuration interface (WHM >> Home >> Security Center >> ModSecurity Configuration), restart Apache and run the following command to check the process list for the httpd-guardian script:

ps faux | grep httpd-guardian | grep -v grep

The output should resemble the following:

root 24722 0.0 0.3 28872 3272 ? S 19:31 0:00 \_ /usr/bin/perl -w /root/apache-tools/httpd-guardian

Conclusion

Apache’s httpd-guardian script works well together with the ModSecurity configuration. If configured correctly, it has the potential to save your server from malicious DoS attempts.