The ModSecurity® Tools interface allows you to install and manage ModSecurity rules.
The ModSecurity Apache module must be installed in order to use this interface.
Use WHM’s EasyApache 4 interface (WHM » Home » Software » EasyApache 4) or your package manager to install the ModSecurity Apache module.
What Is Apache ModSecurity
ModSecurity is a web application firewall.
It monitors incoming web traffic for threats in real-time, blocking malicious connections before they reach applications.
ModSecurity is a rule-based firewall; it compares requests to a list of rules, looking for patterns that match attacks such as SQL injection, session hijacking, cross-site scripting, and more.
ModSecurity In cPanel
cPanel & WHM includes many features that help web hosts and site administrators to repel bad bots, including the ModSecurity web application firewall (WAF).
Automated attack bots bombard web apps with malicious requests as soon they go online.
Attackers target every website and ecommerce store eventually, hoping to find a vulnerability they can exploit to inject code, misuse resources, or steal data.
In 2019, bad bots generated a quarter of all web traffic.
cPanel & WHM has supported ModSecurity 2 for many years, and in cPanel 92, we introduced support for ModSecurity 3.
It should be emphasized that ModSecurity 3 support is experimental, but it offers a couple of significant advantages:
ModSecurity 3 is faster than earlier versions.
It does not depend on Apache and can be used with other web servers, including NGINX.
With cPanel & WHM, it’s straightforward to install and manage ModSecurity 3, a fast, powerful web application firewall that protects applications from a huge range of attacks and vulnerabilities.
For more information see the cPanel's ModSecurity Documentation
