How to Enable ModSecurity™ Domain Manager via WHM Panel?

ModSecurity™ is a fast and free web application firewall (WAF) that aims to protect web applications from diverse web application threats. ModSecurity™ Domain Manager in WHM (WebHost Manager) enables a server administrator to configure/moderate ModSecurity™ settings for the given domain. 

Navigating the tutorial below will assist you in the instructions of enabling, in addition to configuring ModSecurity™ Domain Manager with the WHM panel, which shall enable you to strengthen the security measures of your sites.

Prerequisites:

- Administrative access to your WHM panel

- ModSecurity™ installed on your server

- Basic understanding of web security concepts

Step-by-Step Guide:

1. Log in to WHM:

   Using your root login and password, access your WHM panel. In case you're not sure how to access the login URL, it usually looks like this: https://yourdomain.com:2087.

2. Navigate to ModSecurity™ Configuration:

Look for "ModSecurityTM" in the WHM left sidebar or navigate to the "Security Center" area.. Click on "ModSecurity™ Configuration."

3. Enable ModSecurity™:

   If ModSecurity™ is not already enabled on your server, you'll need to enable it first:

   - Look for the "ModSecurity™" section at the top of the page.

   - Set the toggle switch to "On" to enable ModSecurity™.

   - Click "Save" to apply the changes.

4. Access ModSecurity™ Domain Manager:

   Once ModSecurity™ is enabled, return to the main WHM interface and search for "ModSecurity™ Domain Manager" in the left sidebar. Click on it to open the configuration page.

5. Enable ModSecurity™ Domain Manager:

   - On the ModSecurity™ Domain Manager page, look for the "Enable ModSecurity™ Domain Manager" option.

   - Set the toggle switch to "On" to enable the Domain Manager.

   - Click "Save" to apply the change.

6. Configure Global Settings:

   Before managing individual domain settings, configure the global ModSecurity™ settings:

   - Scroll down to the "Global ModSecurity™ Configuration" section.

   - Here, you can set the default behavior for all domains:

     a. Choose the ModSecurity™ rule set (e.g., OWASP Core Rule Set).

     b. Set the default action for new domains (enabled or disabled).

     c. Configure logging options.

   - Click "Save" after making your selections.

7. Manage Individual Domain Settings:

   With the Domain Manager enabled, you can now configure ModSecurity™ settings for specific domains:

   - Scroll to the "Per-Domain ModSecurity™ Configuration" section.

   - You'll see a list of all domains on your server.

   - For each domain, you can:

     a. Enable or disable ModSecurity™.

     b. Select a specific rule set (if different from the global setting).

     c. Configure custom rules or exceptions.

8. Apply Custom Rules (Optional):

   To add custom ModSecurity™ rules for a specific domain:

   - Next to the domain name, select the "Manage" option.

   - The "Custom Rules" area allows you to create, modify, or remove domain-specific rules.

   - Use the ModSecurity™ rule syntax to define your custom rules.

   - Click "Save" to apply the custom rules.

9. Configure Rule Exceptions (Optional):

   If certain ModSecurity™ rules are causing false positives or interfering with legitimate traffic:

   - Click the "Manage" button next to the domain name.

   - Go to the "Rule Exceptions" section.

   - Add the rule IDs that you want to disable for this specific domain.

   - Click "Save" to apply the exceptions.

10. Verify Configuration:

    After enabling and configuring ModSecurity™ Domain Manager:

    - Visit the websites on your server to ensure they're functioning correctly.

    - Check the Apache error logs for any ModSecurity™-related warnings or errors.

    - Monitor your server's performance to ensure ModSecurity™ isn't causing significant overhead.

Best Practices:

1. Regular Updates: Keep your ModSecurity™ installation and rule sets up to date to protect against the latest threats.

2. Gradual Implementation: If you're enabling ModSecurity™ on a live server, start with a few domains and gradually expand to others, monitoring for any issues.

3. Testing: Always test your ModSecurity™ configuration in a staging environment before applying changes to production sites.

4. Performance Monitoring: Keep an eye on your server's performance after enabling ModSecurity™. Adjust rules or exceptions if you notice significant slowdowns.

5. Log Analysis: Regularly review ModSecurity™ logs to identify potential attacks and fine-tune your rules.

6. Backup: Before making significant changes to your ModSecurity™ configuration, create a backup of your current settings.

Troubleshooting:

- If websites become inaccessible after enabling ModSecurity™, temporarily disable it for the affected domains and review the error logs.

- For persistent issues, consider using ModSecurity™'s DetectionOnly mode to identify problematic rules without blocking traffic.

- If you encounter performance issues, try disabling more resource-intensive rules or consider upgrading your server resources.

Conclusion:

Enabling and configuring the ModSecurity™ Domain Manager via WHM is a crucial step in enhancing the security of your web hosting environment. By following this guide, you can effectively manage ModSecurity™ settings on a per-domain basis, providing customized protection for each website on your server. Remember to regularly review and update your ModSecurity™ configuration to maintain optimal security and performance.

By leveraging the power of ModSecurity™ Domain Manager, you can significantly improve your websites' resistance to common web-based attacks, ensuring a safer browsing experience for your users and protecting your valuable online assets.