WHM Server Security – Setup & Configuration of ModSecurity

ModSecurity is a very efficient and widely used tool used in most of the cPanel servers for intrusion detection and prevention.

It also offers protection to a wide range of attacks. The way in which ModSecurity operates is that we set a list of rules for eg: all the POST and DELETE HTTP from any IP methods must be blocked. If the incoming HTTP connection mathes the rule, the IP from which the connection is established will be blocked by ModSecurity.

You can install ModSecurity really easy via cPanel/WHM’s Easyapache tool.

Once ModSecurity is installed you can easily manage it via WHM panel. Login to WHM and go to, Home >> Security Center

There you can see three options

ModSecurity™ Configuration

ModSecurity™ Vendors

ModSecurity™ Tools

Let’s see what each of these options are meant for.

ModSecurity™ Configuration

This interface lets you to configure the general or global settings.


You can see a number of directives and the options for each for each of it. You may go through what each directive and the options are for by going to the details link. Just select the options and Save.

ModSecurity™ Vendors

ModSecurity vendors are the providers which provides the set of ModSecurity rules. If you install a vendor, their set of rules will be installed in the server.


Just click on the install button on the right of the corresponding ModSecurity Vendor.


Click on the Install and Restart Apache button. This will add the ModSecurity rules of that vendor in the server and these rules will be active after the Apache restart.

ModSecurity™ Tools

This interface shows you the list of all the hits. i.e, all the connections that were blocked due to the ModSecurity trigger.

If you click in the Rules list, you can see the list of all the installed rules. You can also disable the rule from this interface.


You can refer Apache logs for the hits and the rule ID which triggers mod_security.

For any further assistance or queries, feel free to contact our 24*7*365 support department.

Leave a Reply

Your email address will not be published.