{"id":534,"date":"2021-07-23T12:32:18","date_gmt":"2021-07-23T12:32:18","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/modsecurity-3\/"},"modified":"2021-07-23T12:32:18","modified_gmt":"2021-07-23T12:32:18","slug":"modsecurity-3","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/modsecurity-3\/","title":{"rendered":"ModSecurity\u00ae 3"},"content":{"rendered":"<\/p>\n
\n
\n
\n

Valid for versions 92 through the latest version<\/em><\/p>\n<\/div>\n

\n

Version:<\/h4>\n

92<\/h4>\n<\/div><\/div>\n
\n

Overview<\/h2>\n

ModSecurity 3 is a web application firewall. You can use ModSecurity on systems that run Apache and NGINX\u00ae. ModSecurity 3 is now a library, and you must install a connector for your web server in order for it to function.<\/p>\n

Compatibility<\/h2>\n

ModSecurity 3 is compatible with systems that run both Apache and NGINX.<\/p>\n

ModSecurity 3 is only<\/strong> compatible with CentOS 7 on systems that run NGINX.<\/p>\n

\n
Warning:<\/div>\n
\n

ModSecurity 3 is experimental<\/strong>. You must<\/strong> install the Experimental Repository to use it.<\/p>\n<\/p><\/div>\n<\/div>\n

Install ModSecurity 3<\/h2>\n

You can install ModSecurity 3 in two ways.<\/p>\n

In the interface<\/h4>\n

Use the EasyApache 4<\/em> interface (WHM > Home > Software >> EasyApache 4<\/em>) to install the following packages:<\/p>\n

    \n
  1. \n

    Install one of the following connectors:<\/p>\n

      \n
    • ea-modsec30-connector-nginx<\/code> \u2014 Install this package if your system runs NGINX.<\/li>\n
    • ea-modsec30-connector-apache24<\/code> \u2014 Install this package if your system runs Apache.<\/li>\n<\/ul>\n<\/li>\n
    • \n

      Install the ea-modsec30-rules-owasp-crs<\/code> package \u2014 This installs the OWASP rule set for ModSecurity 3.<\/p>\n<\/li>\n<\/ol>\n

      On the command line<\/h4>\n

      Run the following commands to install ModSecurity 3 on the command line:<\/p>\n

        \n
      1. \n

        Install one of the following connectors:<\/p>\n

          \n
        • If your system runs NGINX, install the NGINX connector with the following command:\n
          \n
          \tyum install ea-modsec30-connector-nginx<\/code><\/pre>\n<\/div>\n<\/li>\n
        • If your system runs Apache, install the Apache connector with the following command:\n
          \n
          \tyum install ea-modsec30-connector-apache24<\/code><\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n
        • \n
          Run the following command to install the OWASP rule set:\n<\/p>\n
          \n
          yum install ea-modsec30-rules-owasp-crs<\/code><\/pre>\n<\/div>\n<\/li>\n<\/ol>\n
          Configuration files<\/h2>\n
          Depending on which ModSecurity connector you use, the system uses different configuration file locations.<\/p>\n
          NGINX<\/h4>\n
          If you install the NGINX connector, ModSecurity uses the following configuration files:<\/p>\n\n\n\n\n\n\n\n\n\n
          Path<\/th>\nDescription<\/th>\n<\/tr>\n<\/thead>\n
          \/etc\/nginx\/conf.d\/modsec30.conf<\/code><\/td>\nThis file contains your ModSecurity default configuration and Include<\/code> directives for the following modsec30.cpanel.conf<\/code> and modsec30.user.conf<\/code> files.<\/td>\n<\/tr>\n
          \/etc\/nginx\/conf.d\/modsec\/modsec30.cpanel.conf<\/code><\/td>\nThis file contains the custom configurations and rules you defined in the cPanel & WHM user interface.<\/td>\n<\/tr>\n
          \/etc\/nginx\/conf.d\/modsec\/modsec30.user.conf<\/code><\/td>\nThis file contains any ModSecurity settings that you cannot set via cPanel & WHM. You must edit this file manually if you wish to use it.<\/p>\n
          \n
          Important:<\/div>\n
          \n        Use caution when you edit the modsec30.user.conf<\/code> file, as unexpected results may occur.\n    <\/div>\n<\/div>\n<\/td>\n<\/tr>\n
          \/etc\/nginx\/conf.d\/modsec_vendor_configs\/<\/code><\/td>\nThis directory contains your ModSecurity vendor configurations.<\/td>\n<\/tr>\n
          \/var\/log\/nginx\/modsec30_audit\/<\/code><\/td>\nThis directory contains the ModSecurity log files.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
          \n
          Note:<\/div>\n
          \n
          ModSecurity uses concurrent logging with NGINX.<\/p>\n<\/p><\/div>\n<\/div>\n
          Apache<\/h4>\n
          If you install the Apache connector, ModSecurity uses the following configuration files:<\/p>\n\n\n\n\n\n\n\n\n
          Path<\/th>\nDescription<\/th>\n<\/tr>\n<\/thead>\n
          \/etc\/apache24\/conf.d\/modsec30.conf<\/code><\/td>\nThis file contains your ModSecurity default configuration and Include<\/code> directives for the following modsec2.cpanel.conf<\/code> and modsec2.user.conf<\/code> files.<\/td>\n<\/tr>\n
          \/etc\/apache2\/conf.d\/modsec2.cpanel.conf<\/code><\/td>\nThis file contains the custom configurations and rules you defined in the cPanel & WHM user interface.<\/td>\n<\/tr>\n
          \/etc\/apache2\/conf.d\/modsec\/modsec2.user.conf<\/code><\/td>\nThis file contains any ModSecurity settings that you cannot set via cPanel & WHM. You must edit this file manually if you wish to use it.<\/p>\n
          \n
          Important:<\/div>\n
          \n        Use caution when you edit the modsec2.user.conf<\/code> file, as unexpected results may occur.\n    <\/div>\n<\/div>\n<\/td>\n<\/tr>\n
          \/etc\/apache2\/logs\/modsec_audit\/<\/code><\/td>\nThis directory contains the ModSecurity log files.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
          \n
          Note:<\/div>\n
          \n
            \n
          • The Apache configuration file paths use modsec2<\/code> in their naming convention due to limitations on the system.<\/li>\n
          • ModSecurity logs events concurrently in Apache when mod_ruid2<\/code> or mod_mpm_itk<\/code> are installed. If they are not installed, it uses serial logging.<\/li>\n<\/ul><\/div>\n<\/div>\n
            ModSecurity Rules<\/h2>\n
            We provide  the OWASP\u00ae ModSecurity core rule set for ModSecurity 3 rules via RPM. You must install the ea-modsec30-rules-owasp-crs<\/code> RPM to use it.<\/p>\n
            Third party rule sets<\/h4>\n
            You can only<\/strong> install a third-party rule set if that rule set supports ModSecurity 3.<\/p>\n
            If you attempt to install an unsupported rule set in WHM\u2019s ModSecurity\u00ae Vendors<\/em> interface (WHM >> Home >> Security Center >> ModSecurity\u00ae Vendors<\/em>) with ModSecurity 3 installed, the system will disable the rule set and return an error in the interface.<\/p>\n
            Rules format<\/h4>\n
            ModSecurity 3 formats its rules differently than ModSecurity 2.<\/p>\n
            Differences between ModSecurity 2 and ModSecurity 3<\/h2>\n
            There are several behavior differences between ModSecurity 2 and ModSecurity 3.<\/p>\n
            \n
            Important:<\/div>\n
            \n
            This list is not<\/strong> comprehensive.<\/p>\n<\/p><\/div>\n<\/div>\n
            Directives<\/h4>\n
            ModSecurity 3 does not<\/strong> support the SecDataDir<\/code> directive.<\/p>\n
            ModSecurity 3 with NGINX does not<\/strong> support the following directives:<\/p>\n
              \n
            • SecConnEngine<\/code><\/li>\n
            • SecDisableBackendCompression<\/code><\/li>\n
            • SecDataDir<\/code><\/li>\n
            • SecGsbLookupDb<\/code><\/li>\n
            • SecGuardianLog<\/code><\/li>\n<\/ul>\n
              Response codes<\/h4>\n
              ModSecurity 3 with NGINX may return a 406 response code in situations where ModSecurity 2.9 would return a 403 response code.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"
              Valid for versions 92 through the latest version Version: 92 Overview ModSecurity 3 is a web application firewall. You can use ModSecurity on systems that run Apache and NGINX\u00ae. ModSecurity 3 is now a library, and you must install a connector for your web server in order for it to function. Compatibility ModSecurity 3 is …<\/p>\n","protected":false},"author":1,"featured_media":535,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/534"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=534"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/534\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/535"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}