Issue
The warning message in UI:
ModSecurity works in "DetectionOnly" mode.
Set "SecRuleEngine" directive to "On" state to keep your server protected.
Environment
- Imunify360
- ModSecurity
- WHM/cPanel
Solution
1. The "SecRuleEngine" can be enabled via the ModSecurity configuration. It can be found using the following command:
# grep -ri "SecRuleEngine" /etc
2. Otherwise, the directive "SecRuleEngine On" can be added to the file:
/etc/apache2/conf.d/modsec/modsec2.user.conf
3. Restart the webserver after the modification to apply the changes. The Imunify dashboard will also need some time to update the information to hide this warning.
4. It is also recommended to use the guidelines from the documentation:
https://docs.imunify360.com/ids_integration/#modsecurity-settings
5. Make sure the parameters inside the menu WHM » Security Center » ModSecurity™ Configuration » Configure Global Directives correspond to the recommendation provided.
Useful links
- https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecRuleEngine
- https://forums.cpanel.net/threads/how-to-enable-secstatusengine.627203/
Comments
0 comments
Please sign in to leave a comment.