ModSecurity is a powerful web application firewall (WAF) that provides an additional layer of protection for your websites by filtering and monitoring HTTP traffic. It is a must-have tool for defending against a variety of cyber threats, such as SQL injection, cross-site scripting (XSS), and brute-force attacks. If you’re using cPanel, you can easily configure ModSecurity to enhance your website’s security. In this guide, we’ll walk you through the setup process, explore its benefits, and highlight free WAF options you can add to your UnderHost cPanel hosting environment.

Why Use ModSecurity?

ModSecurity is an essential tool for website protection, offering features such as:

  • Real-Time Threat Detection: Blocks malicious requests before they reach your web application.
  • Protection Against Common Vulnerabilities: Safeguards against SQL injection, XSS, and other attacks.
  • Customizable Rules: Allows administrators to create or modify security rules to meet specific needs.
  • Detailed Logging: Tracks malicious activity and generates detailed reports for analysis.
  • Easy Integration: Works seamlessly with cPanel and Apache web servers.

Prerequisites

Before configuring ModSecurity, ensure the following:

  • cPanel Access: You must have access to your cPanel account.
  • Administrator Privileges: If you’re a reseller or server owner, you may need root access to configure advanced settings.
  • Installed ModSecurity Module: ModSecurity must already be installed on your server. Most UnderHost hosting plans include it by default. If not, contact our support team for assistance.

How to Enable and Configure ModSecurity in cPanel

1. Log in to cPanel

Access your cPanel account by navigating to https://yourdomain.com/cpanel. Enter your username and password to log in.

2. Locate ModSecurity

In the cPanel dashboard, scroll down to the “Security” section and click on ModSecurity.

3. Enable ModSecurity

Once in the ModSecurity interface, follow these steps:

  • Select the domain or subdomain you want to protect.
  • Click the toggle switch or “On” button to enable ModSecurity for the selected domain.

If you manage multiple domains, you can enable ModSecurity for all of them with a single click by choosing “Enable All Domains.”

4. Configure ModSecurity Rules

ModSecurity uses rulesets to identify and block malicious traffic. By default, your server may come with a pre-installed ruleset, such as the OWASP ModSecurity Core Rule Set (CRS). You can customize these rules based on your security requirements:

  • Default Rules: Leave the default rules enabled for basic protection.
  • Custom Rules: To add or modify rules, you’ll need WHM access: 
    WHM > Security Center > ModSecurity™ Vendors

    Here, you can upload third-party rules or create your own.

5. Test Your Configuration

After enabling ModSecurity, it’s important to test its functionality:

  • Attempt to access your website using known attack patterns (e.g., injecting SQL queries into a form). ModSecurity should block the request.
  • Review the logs for any blocked requests to ensure the rules are working as expected.

6. Monitor Logs and Adjust Rules

ModSecurity generates detailed logs for every blocked request. To access these logs in cPanel:

  • Go to Metrics > Raw Access Logs in your cPanel dashboard.
  • Analyze the logs for false positives or patterns in malicious traffic.

If a legitimate request is mistakenly blocked, consider adjusting or disabling specific rules.

Adding Free WAF Options to Your cPanel

For even more security, consider integrating these free WAF solutions with your ModSecurity configuration:

1. OWASP ModSecurity Core Rule Set (CRS)

The OWASP CRS is a free, community-driven ruleset that protects against common vulnerabilities like SQL injection and XSS. It’s often pre-installed with ModSecurity or can be added via WHM:

WHM > Security Center > ModSecurity™ Vendors

Official repository: OWASP CRS GitHub

2. Cloudflare Free Plan

Cloudflare’s free plan includes basic WAF-like protections by filtering malicious traffic through their global CDN. It’s an excellent complement to ModSecurity.

Steps to integrate:

  1. Sign up for Cloudflare and point your domain’s DNS to their nameservers.
  2. Use the Cloudflare cPanel plugin for easy management.

3. Atomicorp Free ModSecurity Rules

Atomicorp offers a free ruleset for ModSecurity, regularly updated to protect against emerging threats.

Download: Atomicorp Free Rules

4. NAXSI (Nginx Anti-XSS and SQL Injection)

If you’re using NGINX as a reverse proxy with cPanel, NAXSI is a lightweight WAF that offers protection against SQL injection and XSS vulnerabilities.

Details: NAXSI Official Site

Benefits of Using ModSecurity with cPanel

Integrating ModSecurity with cPanel offers several advantages:

  • Enhanced Security: Protects your website from a wide range of cyber threats.
  • User-Friendly Interface: Easily enable or disable ModSecurity for specific domains via cPanel.
  • Cost-Effective Protection: Built into your hosting plan at no additional cost.
  • Customization Options: Fine-tune rules to match your website’s unique needs.

Troubleshooting Common Issues

If you encounter issues with ModSecurity, here are some tips:

  • False Positives: Review the logs to identify legitimate requests being blocked. Modify or disable the offending rules.
  • Performance Impact: On high-traffic websites, ModSecurity may slightly impact performance. Optimize rulesets to reduce overhead.
  • Compatibility Issues: If ModSecurity conflicts with a plugin or application, create exceptions in the rules.

Contact UnderHost support if you need assistance troubleshooting any issues.

Why Choose UnderHost for cPanel Hosting?

At UnderHost, we prioritize your website’s security by providing optimized cPanel hosting environments with ModSecurity pre-installed. Here’s what you get with our hosting:

  • Advanced Security: ModSecurity with pre-configured rules to protect your sites.
  • Offshore Hosting: Privacy-focused locations to secure your data.
  • 24/7 Support: Our team is always available to help you configure and manage ModSecurity.
  • High-Performance Servers: SSD-powered hosting for fast and reliable website performance.

Explore Our Hosting Plans to experience secure, high-performance cPanel hosting with ModSecurity today!