If you manage your server with WHM/cPanel, installation and administration of mod_security is very simple. Note that you should only attempt this installation if you have root access to your server.
First, it's necessary to install the core mod_security plugin via WHM's EasyApache utility. To run the utility, log in to WHM and navigate to the EasyApache section. Begin building a profile according to your preferred settings, and be sure to select mod_security for installation with your build. Build the profile and allow time for it to complete.
At this point, mod_security will be installed on your server, but administration remains somewhat advanced if you would prefer to work within a control panel. Fortunately, ConfigServer produces a free cPanel plugin to bring a mod_security interface within the WHM panel. The plugin is called ConfigServer ModSecurity Control (cmc).
To install the plugin, access your server as the root user via SSH, and run the following command:
wget http://configserver.com/free/cmc.tgz;tar -xzf cmc.tgz;cd cmc/;sh install.sh
Check your terminal to ensure a successful installation with no errors. If all went well, you can refresh WHM and navigate to the Plugins section. Select the ConfigServer ModSecurity plugin, and enjoy configuring your free new web application firewall!
Note that this process will not install a mod_security rule set, so it will not offer any security "out of the box." We have posted another article containing a basic mod_security ruleset that can be copied into the cmc plugin interface.
