Notes on MOD Security Print

  • 4

mod_security, modsec, or ModSecurity as it's called by the maker Atomicorp has been a standard on Apache hosting servers for some time now.  If you are hosting for a wide range of client types you undoubtably have run into a few issues with the strict rules implemented by default with some hosting providers.

Viewing the ModSecurity Log

The Mod Security Log can be found on a typical server here:

Searching for something specific in the Mod Security log can be an easy GREP request:
grep "yadda yadda" /usr/local/apache/logs/error_log

Whitelisting a server IP for All Rules

The whitelist file is typically first to be included and can be used to dictate that some or all rules be ignored for a website or IP address.

Edit the whitelist file with your favorite editor!
vi /usr/local/apache/conf/modsec/00_asl_whitelist.conf

Commands can be complicated, for example:
SecRule REMOTE_ADDR "^1\.2\.3\.4" "id:12345,phase:2,t:none,pass,nolog,noauditlog,ctl:ruleRemovebyID=7777"

In the above we are whitelisting the IP address for the rule 7777.

Reference the ModSecurity manual for details:

Remember to Restart the HTTPD server to effect changes

service httpd restart

Was this answer helpful?

« Back