ModSecurity 3 is a web application firewall. You can use ModSecurity on systems that run Apache and NGINX®. ModSecurity 3 is now a library, and you must install a connector for your web server in order for it to function.
ModSecurity 3 is compatible with systems that run both Apache and NGINX.
ModSecurity 3 is only compatible with CentOS 7 on systems that run NGINX.
ModSecurity 3 is experimental. You must install the Experimental Repository to use it.
You can install ModSecurity 3 in two ways.
Use the EasyApache 4 interface (WHM > Home > Software >> EasyApache 4) to install the following packages:
Install one of the following connectors:
ea-modsec30-connector-nginx — Install this package if your system runs NGINX.ea-modsec30-connector-apache24 — Install this package if your system runs Apache.Install the ea-modsec30-rules-owasp-crs package — This installs the OWASP rule set for ModSecurity 3.
Run the following commands to install ModSecurity 3 on the command line:
Install one of the following connectors:
yum install ea-modsec30-connector-nginx yum install ea-modsec30-connector-apache24Run the following command to install the OWASP rule set:
yum install ea-modsec30-rules-owasp-crs
Depending on which ModSecurity connector you use, the system uses different configuration file locations.
If you install the NGINX connector, ModSecurity uses the following configuration files:
| Path | Description |
|---|---|
/etc/nginx/conf.d/modsec30.conf |
This file contains your ModSecurity default configuration and Include directives for the following modsec30.cpanel.conf and modsec30.user.conf files. |
/etc/nginx/conf.d/modsec/modsec30.cpanel.conf |
This file contains the custom configurations and rules you defined in the cPanel & WHM user interface. |
/etc/nginx/conf.d/modsec/modsec30.user.conf |
This file contains any ModSecurity settings that you cannot set via cPanel & WHM. You must edit this file manually if you wish to use it.
Important:
Use caution when you edit the
modsec30.user.conf file, as unexpected results may occur. |
/etc/nginx/conf.d/modsec_vendor_configs/ |
This directory contains your ModSecurity vendor configurations. |
/var/log/nginx/modsec30_audit/ |
This directory contains the ModSecurity log files. |
ModSecurity uses concurrent logging with NGINX.
If you install the Apache connector, ModSecurity uses the following configuration files:
| Path | Description |
|---|---|
/etc/apache24/conf.d/modsec30.conf |
This file contains your ModSecurity default configuration and Include directives for the following modsec2.cpanel.conf and modsec2.user.conf files. |
/etc/apache2/conf.d/modsec2.cpanel.conf |
This file contains the custom configurations and rules you defined in the cPanel & WHM user interface. |
/etc/apache2/conf.d/modsec/modsec2.user.conf |
This file contains any ModSecurity settings that you cannot set via cPanel & WHM. You must edit this file manually if you wish to use it.
Important:
Use caution when you edit the
modsec2.user.conf file, as unexpected results may occur. |
/etc/apache2/logs/modsec_audit/ |
This directory contains the ModSecurity log files. |
modsec2 in their naming convention due to limitations on the system.mod_ruid2 or mod_mpm_itk are installed. If they are not installed, it uses serial logging.We provide the OWASP® ModSecurity core rule set for ModSecurity 3 rules via RPM. You must install the ea-modsec30-rules-owasp-crs RPM to use it.
You can only install a third-party rule set if that rule set supports ModSecurity 3.
If you attempt to install an unsupported rule set in WHM’s ModSecurity® Vendors interface (WHM >> Home >> Security Center >> ModSecurity® Vendors) with ModSecurity 3 installed, the system will disable the rule set and return an error in the interface.
ModSecurity 3 formats its rules differently than ModSecurity 2.
There are several behavior differences between ModSecurity 2 and ModSecurity 3.
This list is not comprehensive.
ModSecurity 3 does not support the SecDataDir directive.
ModSecurity 3 with NGINX does not support the following directives:
SecConnEngineSecDisableBackendCompressionSecDataDirSecGsbLookupDbSecGuardianLogModSecurity 3 with NGINX may return a 406 response code in situations where ModSecurity 2.9 would return a 403 response code.
Copyright © 2026 All Rights Reserved
