Secure your website with ModSecurity on your cPanel package

Procédure

What is ModSecurity used for?

ModSecurity is an application firewall module for the Apache web server that analyses and filters HTTP and HTTPS requests. Combined with security rules, ModSecurity can detect and block forms of attack targeting websites. This makes it possible to block attacks before they reach your website's scripts. ModSecurity prevents code injection, SQL injection, malicious file uploads and much more.

Thanks to the ModSecurity interface designed by LWS, you can activate and/or deactivate ModSecurity rules in order to calibrate this firewall to your website's needs, given that an effective rule to block PHP code injection is, for example, counter-productive on a PHP tutorial blog where the site administrator will have to add PHP code regularly to his blog posts, and visitors will comment with bits of PHP code too.

How do I activate/deactivate ModSecurity?

ModSecurity can be activated and deactivated at will from the cPanel interface of your web hosting package, independently for each domain.

1. Log in to your cPanel interface.

2. Go to the "Security" section and click on the "ModSecurity" button:

Secure your website with ModSecurity on your cPanel package

3. Select the domain from the list for which you want to disable ModSecurity and click the "On" or "Off" button to enable or disable ModSecurity for that domain.

Secure your website with ModSecurity on your cPanel package

How do I activate or deactivate a ModSecurity rule for a domain name?

If you wish to activate or deactivate a single ModSecurity rule, click on the "Manage rules" button corresponding to the domain name you wish to modify:

Secure your website with ModSecurity on your cPanel package

You can then click "On" or "Off" on each rule to activate or deactivate it for your domain name:

Secure your website with ModSecurity on your cPanel package

How do I know which rules to deactivate?

You can see which rules have been blocked by ModSecurity by clicking on the "View history" button for your domain name:

Secure your website with ModSecurity on your cPanel package

The rules triggered by modsecurity on your site or application are then listed.

Secure your website with ModSecurity on your cPanel package

Retrieve the rule number corresponding to your block and deactivate it.

Note that a block may not appear on the block history until 5 to 10 minutes after the event.

Conclusion

You now know how to :

  • Understand the usefulness of ModSecurity as a firewall for Apache web servers.
  • Enable and disable ModSecurity for your website from the cPanel interface.
  • Manage ModSecurity rules individually to fine-tune the security of your domain.
  • Review block history to identify and disable specific rules that are causing problems ✅.

We hope this information helps you secure your website effectively. If you have any questions or would like to share your experiences with ModSecurity, please feel free to leave a comment. Thank you for reading and happy security!

Rate this article :

3.6/5 | 13 opinion

This article was useful to you ?

Article utileYes

Article non utileNo

Vous souhaitez nous laisser un commentaire concernant cet article ?

Si cela concerne une erreur dans la documentation ou un manque d'informations, n'hésitez pas à nous en faire part depuis le formulaire.

Pour toute question non liée à cette documentation ou problème technique sur l'un de vos services, contactez le support commercial ou le support technique

MerciMerci ! N'hésitez pas à poser des questions sur nos documentations si vous souhaitez plus d'informations et nous aider à les améliorer.


Vous avez noté 0 étoile(s)

Similar articles

1mn reading

How do I use the IP refusal manager in cPanel?

0mn reading

How do I activate a Let's Encrypt SSL certificate on cPanel?

0mn reading

How can I easily install a paid SSL certificate on cPanel?

1mn reading

How do I use the Firewall on cPanel to authorise or block IPs?


Ask the LWS team and its community a question