Install ModSecurity Rules to cPanel with Manual

Edit file:

[root@cpanel]# nano -w /etc/apache2/conf.d/modsec/modsec2.user.conf

Syntax

SecRemoteRules SerialKey https://rules.malware.expert/download.php?rules=generic

And replace SerialKey with your subscription serial key!

modsec2.user.conf

### Malware.Expert - ModSecurity rules
## CPanel configuration
#
SecComponentSignature "ME WAF"
SecResponseBodyAccess Off

SecDefaultAction "phase:1,deny,log,status:406"
SecDefaultAction "phase:2,deny,log,status:406"

SecRemoteRulesFailAction Warn

SecUploadDir /tmp
SecTmpDir /tmp
SecUploadFileMode 0644

# Needed to Clamav scan
SecTmpSaveUploadedFiles on

SecRequestBodyAccess On

# If ClamAV Installed
#SecRule FILES_TMPNAMES "@inspectFile /usr/local/bin/runav.pl" \
#"phase:2,t:none,block,msg:'Virus found in uploaded file',id:'399999'"

# RBL - DDOS protection - https://malware.expert/rbl-database/
SecRule REQUEST_METHOD         "POST"          "id:'400010',phase:1,t:none,chain,drop,noauditlog,msg:'Malware host detected by rbl.malware.expert'"
SecRule REMOTE_ADDR            "@rbl rbl.malware.expert"

SecRemoteRules SerialKey https://rules.malware.expert/download.php?rules=generic

Restart apache to load rules!