Skip to main content

How to force enable modsecurity for all User

webdsn
Based on security considerations I ready to disable the Modsecurity control button from Feature Manager before this, I need to force all User enable Modsecurity , But I can't find this function in WHM

Comments

6 comments

Date Votes
  • cPanelLauren
    If you have ModSecurity enabled at WHM>>Security Center>>ModSecurity Vendors and you remove the ability for your users to manage this it should be enabled for all users automatically.
    0
  • webdsn
    If you have ModSecurity enabled at WHM>>Security Center>>ModSecurity Vendors and you remove the ability for your users to manage this it should be enabled for all users automatically.

    Thanks for your reply I want to confirm that remove the ability for your users to manage is disable WHN >> Feature Manager >> ModSecurity" Domain Manager if I do this than modsecurity will enabled for all users ?
    0
  • cPanelLauren
    It will remain enabled but your users won't have access to the domain management portion of this UI in cPanel
    0
  • webdsn
    If the current state of this user is disable Will he automatically switch to enable?
    0
  • sahostking
    I'd also like confirmation on this and how to enable it. I disabled the feature on one server through feature manager so customers cant manage it anymore but I still see it disabled in the httpd.conf file via SecRuleEngine Off How do I enable it for all that have it disabled currently still.
    0
  • cPanelLauren
    I'd also like confirmation on this and how to enable it. I disabled the feature on one server through feature manager so customers cant manage it anymore but I still see it disabled in the httpd.conf file via SecRuleEngine Off How do I enable it for all that have it disabled currently still.

    What's that IfModule included in? It's set to off for all domains within the Proxymatch no matter what setting you have (which is unrelated to your per domain setting) SecRuleEngine Off
    The IfModule is only present if it's disabled and I confirmed on my own test account that when ModSecurity is enabled but the domain manager feature is disabled the VirtualHost still reflects no IfModule for modsec2
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post