How to Enable OWASP ModSecurity CRS in WHM/cPanel

By Jithin on September 8th, 2016

OWASP stands for Open Web Application Security Project. OWASP ModSecurity CRS (Core Rule Set) is a set of web application rules used to protect the server. It uses a configuration file to set these rules. OWASP ModSecurity CRS increases the amount of protection for web applications. It acts as a baseline protection for common web application attacks. These rules are easily pluggable.

 

The OWASP ModSecurity CRS provides protections such as:

1) HTTP Protection – detecting violations of the HTTP protocol and a locally defined usage policy.

2) Real-time Blacklist Lookups – utilizes 3rd Party IP Reputation

3) HTTP Denial of Service Protections – defense against HTTP Flooding and Slow HTTP DoS Attacks.

4) Common Web Attacks Protection – detecting common web application security attack.

5) Automation Detection – Detecting bots, crawlers, scanners and other surfaces for malicious activity.

6) Integration with AV Scanning for File Uploads – detects malicious files uploaded through the web application.

7) Tracking Sensitive Data – Tracks Credit Card usage and blocks leakages.

8) Trojan Protection – Detecting access to Trojans horses.

9) Identification of Application Defects – alerts on application reconfigurations.

10) Error Detection and Hiding – Disguising error messages sent by the server.

 

OWASP ModSecurity CRS is free to use and it is licensed under the Apache Software License version 2 (ASLv2). We can copy, distribute and transmit the work. OWASP ModSecurity rule provides protection from insecure web application design. It provides a layer of protection for web applications such as WordPress, phpBB, and other types of web applications. ModSecurity may block a security attack whenever the developer of an application makes any security mistakes. OWASP ModSecurity rule provides protection against operating system level attack. It also provides protection against generalized malicious traffic. Some of the security threats are not directly attacking a program or application on the server.

 

Setting OWASP ModSecurity rule

1) Log in to WHM.

2) Install mod_security module. Run EasyApache (Home >> Software >> EasyApache)

3) Navigate to ModSecurity Vendors interface (Home>>Security Center>> ModSecurity™ Vendors).

4) Install OWASP rule set.

 

These rules are active only after enabling the configuration file.

5) To view the logged notifications and blocked traffic from these rules, navigate to

Home >> Security Center >> ModSecurity™ Tools.

 

If you need any further assistance please contact our support department.