Bobcares

ModSecurity WAF – enable it with ease

by | Nov 11, 2019

ModSecurity WAF establishes an external security layer to increase the security.

It is supported by different web servers: Apache, Nginx, and IIS. Also, it works as a web server module.

At Bobcares, we often receive requests to enable ModSecurity as a part of our Server Management Services.

Today, let’s see how our Support Engineers enable ModSecurity and fix its errors.

 

What is ModSecurity WAF and why do we need it?

Willing to protect web applications from various attacks? ModSecurity is one of the best options.

ModSecurity is an open-source Web Application Firewall(WAF).

The benefits of ModSecurity is numerous. It majorly provides protection from a range of attacks from web applications.

Moreover, it provides rules for real-time monitoring and filtering of HTTP communications. Also, it is commonly deployed to provide protection against vulnerabilities.

 

How we enable ModSecurity in cPanel?

It is quite easy to enable ModSecurity in cPanel. We can accomplish this by following only a few steps. Let’s see how our Support Engineers enable it on the cPanel.

1. Log into cPanel and navigate to the Security section.
2. Then, find the ModSecurity option.
3. Here, we can disable or enable the ModSecurity for all the domains.
4. Then, click the Enable button to enable the ModSecurity.
Now we can see a message ‘ModSecurity is enabled for all of your domains.
5. Also, there is also an option to configure individual domains. Here, we can enable the ModSecurity to individual domains separately.

 

How we enable ModSecurity in Plesk?

Enabling the ModSecurity in Plesk is also simple. Let’s take a look at how our Support Engineers enable the ModSecurity in Plesk.

1. Log into Plesk and navigate to the Tools & Settings section.
2. Then, click on the Web Application Firewall (ModSecurity) option
3. Now, we set the WAF mode to On or Detection only.
4. Next, we select the set of rules according to the requirements. Here, it includes Atomic Basic ModSecurity, OWASP ModSecurity Core Rule Set (CRS) and so on.
5. Lastly, we select the Update rule set the checkbox to automatically update the selected ruleset. And then select the update period.

 

Common errors while enabling ModSecurity WAF

Now, let’s see how our Support Engineers fix errors relating to ModSecurity.

 

1. Unavailability of ModSecurity option

Recently, one of our customers was trying to enable ModSecurity in Plesk. But, he was not able to find the option to enable it. As, there was no ModSecurity option available under Tools and Settings section.

Initially, we could see that the ModSecurity option was not available in the Plesk under Tools & Settings option.

So, we installed the ModSecurity by connecting to Plesk and navigating to the Tools & Settings option. And then we access the Updates and Upgrades section. Here we clicked on Add/Remove Components option. Then, in the available options, we selected ModSecurity. Then, we installed the ModSecurity in Plesk.

Finally, the customer was able to see the option available in Plesk. Then he was able to enable it.

 

2. Forbidden error

Another most common error that occurs by ModSecurity is 403 Forbidden errors.

Here, it simply tells us that we have no proper permissions to access the server.

ModSecurity checks every page request against various rules. After that, it filters the request which seems malicious.

Sometimes, poor website coding will make ModSecurity determine the request to be malicious. But, this request will be legitimate.

When this happen we receive a 403 forbidden error.

 

[Need any further assistance with ModSecurity? – We’ll help you]

 

Conclusion

In short, ModSecurity is supported in both Plesk and cPanel for Linux and Windows. Today, we saw how our Support Engineers enable ModSecurity in cPanel and Plesk and fix its errors.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.