Mod_Security

Portal Home > Knowledgebase > Articles Database > Mod_Security

Posted by addieparker, 08-25-2009, 12:08 AM
How can i be sure that mod_security I have installed is working. I have installed it but i am not sure how to verify its active and working
Posted by MikeDVB, 08-25-2009, 01:27 AM
Depending on the settings on the server go to a site and then go to a 404 page (file not found page) and if it's running Apache and the settings are right it will tell you at the bottom. Beyond that, you can check to see what Modules Apache has loaded. I forget the command off the top of my head but it's something like /etc/init.d/httpd -l
Posted by alanzkorner, 08-25-2009, 02:05 AM
Hello, If it is a Cpanel server you will be able to find a folder /etc/httpd/conf/modsec2 modesec2 in this location . It will have four files as shown below to which you can add custom rules , custom.conf exclude.conf rootkits.conf whitelist.conf Basically whatever be the kind of server , it will have an entry in your apache conf Open /etc/httpd/conf/http.conf in vi editor ( for cpanel ) or for other servers locate the httpd.conf and search for the entry modsec m you will be able to find some thing like Include "/usr/local/apache/conf/modsec2.conf" which will be the modsec conf , Also you can check your apache error log , if Modsec is working and your server has a number of websites , you will be able to see modesec protecting your server using its rules do a tail -f /usr/local/apache/logs/error_log | grep modesec on a terminal .( or the corresponding error log ) . Hope that helps.
Posted by adminpaul, 08-25-2009, 05:40 AM
Hi, Execute the following command in your server. If mod_security is enabled, it will list the module name mod_security httpd -t -D DUMP_MODULES
Posted by WHR-Abner, 08-25-2009, 06:32 AM
Check the pattern matching strings in the mod_security custom rules file. Try accessing one of the string via browser, say http://domain/string.php 'tail' the error logs, you will see the mod_security error if it is working properly.