Edit file:
[root@cpanel]# nano -w /etc/apache2/conf.d/modsec/modsec2.user.conf
Syntax
SecRemoteRules SerialKey https://rules.malware.expert/download.php?rules=generic
And replace SerialKey with your subscription serial key!
modsec2.user.conf
### Malware.Expert - ModSecurity rules ## CPanel configuration # SecComponentSignature "ME WAF" SecResponseBodyAccess Off SecDefaultAction "phase:1,deny,log,status:406" SecDefaultAction "phase:2,deny,log,status:406" SecRemoteRulesFailAction Warn SecUploadDir /tmp SecTmpDir /tmp SecUploadFileMode 0644 # Needed to Clamav scan SecTmpSaveUploadedFiles on SecRequestBodyAccess On # If ClamAV Installed #SecRule FILES_TMPNAMES "@inspectFile /usr/local/bin/runav.pl" \ #"phase:2,t:none,block,msg:'Virus found in uploaded file',id:'399999'" # RBL - DDOS protection - https://malware.expert/rbl-database/ SecRule REQUEST_METHOD "POST" "id:'400010',phase:1,t:none,chain,drop,noauditlog,msg:'Malware host detected by rbl.malware.expert'" SecRule REMOTE_ADDR "@rbl rbl.malware.expert" SecRemoteRules SerialKey https://rules.malware.expert/download.php?rules=generic
Restart apache to load rules!