This function adds, updates, and removes global ModSecurity™ configuration directives.
The function modifies these directives in the /usr/local/apache/conf/modsec2.cpanel.conf
file.
Important:
When you disable the Web Server role, the system disables this function.
This function only supports the following ModSecurity™ configuration directives:
| setting_id | Documentation |
|---|---|
| 0 | SecAuditEngine |
| 1 | SecConnEngine |
| 2 | SecRuleEngine |
| 3 | SecDisableBackendCompression |
| 4 | SecGeoLookupDb |
| 5 | SecGsbLookupDb |
| 6 | SecGuardianLog |
| 7 | SecHttpBlKey |
| 8 | SecPcreMatchLimit |
| 9 | SecPcreMatchLimitRecursion |
| setting_id required | integer [ 0 .. 9 ] The configuration setting's ID. Note: To configure multiple IDs, increment the parameter name. For example, setting_id=setting_id1=1 setting_id2=2 setting_id3=3 setting_id=1 |
required | string or string or string or string or integer The configuration setting's current state.
Some settings accept additional values for this parameter. See the references above for more inforamation. Note:
state=state1=On state2=On state3=Off state=On |
| remove | integer Default: 0 Whether to add or remove the configuration setting in the
remove=remove1=0 remove2=1 remove3=0 remove=1 |
object | |
object |
whmapi1 --output=jsonpretty \ modsec_batch_settings \ setting_id='1' \ state='On'
{- "data": {
- "updated_settings": [
- {
- "default": 1500,
- "description": "define the match limit of the PCRE library.",
- "directive": "SecAuditEngine",
- "engine": 1,
- "name": "Audit Log Level",
- "radio_options": [
- {
- "name": "Log all transactions.",
- "option": "On"
}
], - "setting_id": 1,
- "state": "On",
- "type": "radio",
}
]
}, - "metadata": {
- "command": "modsec_batch_settings",
- "reason": "OK",
- "result": 1,
- "version": 1
}
}