Overview

This document explains how to install and configure Apache's httpd-guardian script, which allows you to use ModSecurity™'s SecGuardianLog directive. This script monitors web server requests via the piped log mechanism to detect Denial-of-Service (DoS) attacks. It tracks the number of requests that each IP address sends and calculates request speed at one-minute and five-minute intervals. After the requests reach a specified threshold, the httpd-guardian script either emits a warning or blocks the IP address. Error messages from the httpd-guardian script reside in the /var/log/apache2/error_log file.
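The following added example models the detection logic described above: per-IP request speed measured over one-minute and five-minute windows and compared against thresholds. It is not httpd-guardian's own code; the class and function names, the threshold values, and the simplified log line format are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed limits in requests per second; illustrative values only.
THRESHOLD_1MIN = 2   # averaged over the last 60 seconds
THRESHOLD_5MIN = 1   # averaged over the last 300 seconds
WINDOWS = (("1min", 60, THRESHOLD_1MIN), ("5min", 300, THRESHOLD_5MIN))

class RateTracker:
    """Per-IP sliding-window counter (hypothetical helper for this example)."""

    def __init__(self):
        # ip -> window name -> timestamps still inside that window
        self.hits = defaultdict(lambda: {name: deque() for name, _, _ in WINDOWS})
        self.flagged = {}  # ip -> (window name, hit count) at first trigger

    def observe(self, ip, now):
        for name, span, limit in WINDOWS:
            q = self.hits[ip][name]
            q.append(now)
            while q[0] <= now - span:      # expire hits that left the window
                q.popleft()
            # More than limit*span hits in span seconds means speed > limit.
            if len(q) > limit * span and ip not in self.flagged:
                self.flagged[ip] = (name, len(q))

def build_sample_log():
    """Constructed '<epoch> <ip> <request>' lines for three clients."""
    t0, events = 1_700_000_000, []
    for s in range(0, 300, 10):            # normal: 1 request every 10 s
        events.append((t0 + s, "203.0.113.10"))
    for s in range(30):                    # burst: 5 requests/s for 30 s
        events += [(t0 + s, "198.51.100.7")] * 5
    for s in range(0, 300, 2):             # sustained: 1.5 requests/s for 5 min
        events += [(t0 + s, "192.0.2.44")] * 3
    return [f"{ts} {ip} GET / HTTP/1.1" for ts, ip in sorted(events)]

def analyze(lines):
    tracker = RateTracker()
    for line in lines:
        ts, ip, _request = line.split(" ", 2)
        tracker.observe(ip, int(ts))
    return tracker.flagged

if __name__ == "__main__":
    for ip, (window, count) in analyze(build_sample_log()).items():
        # A real deployment would warn or block here; this only reports.
        print(f"{ip}: threshold exceeded in {window} window ({count} hits)")
```

The sustained client never exceeds the one-minute limit and is caught only by the five-minute window, which is why both intervals are tracked.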

After you download and configure the httpd-guardian script, you can specify the path to the script in the Guardian Log section of WHM's ModSecurity Configuration interface (WHM >> Home >> Security Center >> ModSecurity Configuration).

Note:

The httpd-guardian script ships with a version of The Spread toolkit, an open source toolkit, that you can configure. However, the script does not require this toolkit to function correctly.

Install and configure the httpd-guardian script

To install and configure the httpd-guardian script, perform the following steps:

  1. Download the apache-tools repository from the sourceforge.net website. To do this, run the following command as the root user:

    cvs -z3 -d:pserver:anonymous@a.cvs.sourceforge.net:/cvsroot/apache-tools co -P apache-tools

    Note:

    If the Concurrent Versioning System (CVS) does not exist on your server, install it via the yum install cvs command.
  2. Open the /root/apache-tools/httpd-guardian file with a text editor and make any desired configuration changes. For example, to enable the system to log data that it receives from Apache, set the COPY_LOG variable's value to the log file's file path. This will resemble the following example:

    # $COPY_LOG = "/var/lib/http-guardian.log";
    my $COPY_LOG;
  3. Log in to the WHM interface as the root user and navigate to WHM's ModSecurity Configuration interface (WHM >> Home >> Security Center >> ModSecurity Configuration).
  4. Enter the httpd-guardian script's path in the Guardian Log setting's text box, for example:

    /root/apache-tools/httpd-guardian
  5. After you save your changes in WHM's ModSecurity Configuration interface (WHM >> Home >> Security Center >> ModSecurity Configuration), restart Apache and check the process list for the httpd-guardian script. To do this, run the following command:

    ps faux | grep httpd-guardian | grep -v grep

    The output will resemble the following example:

    root 24722 0.0 0.3 28872 3272 ? S 19:31 0:00 \_ /usr/bin/perl -w /root/apache-tools/httpd-guardian

For more information about ModSecurity directives, read github.com's ModSecurity Reference Manual documentation.
