Cantech Knowledge Base

Your Go-To Hosting Resource

  1. WHM
  2. How to enable ModSecurity™ Domain Manager via WHM panel?

How to enable ModSecurity™ Domain Manager via WHM panel?

ModSecurity is an effective web application firewall that secures your websites against many online attacks. It blocks malicious requests before they reach your applications, and it filters incoming web traffic too. You must enable this feature in WHM so that your hosting users can manage it for their own domains.

With the help of a firewall, you can prevent SQL injection and cross-site scripting attacks. ModSecurity uses certain rules to detect and neutralize these threats in real-time. Cantech servers are compatible with these high security levels to ensure your business is safe from hackers.

Steps to Install ModSecurity Vendors

The firewall requires a set of rules to work effectively. These are the steps involved in configuring the standard rule set on your server.

  • Log in to WHM: Go to your administration panel and log in with the credentials of your root account.
  • Navigate to Security Center: Find the Security Center menu in the side bar. All the key security modules of your Linux server are available here.
  • Click on ModSecurity Vendors: Select ModSecurity Vendors to access the management page. You will see a list of available providers for firewall rules.
  • Install the OWASP Rule Set: Locate the entry for the “OWASP ModSecurity Core Rule Set” in the list. Click the +install button and proceed with the setup.
  • Restart Apache: Confirm the process by clicking the button “Install and Restart Apache”. When the rules are ready, the system will show a success message.
  • Enable the Vendor: In the Enabled column, change the toggle button to the On position. This action activates the entire set of security rules for your web server.
  • Customize Rule Sets: To choose certain rules, you can click on the Edit button. You can turn individual rule sets On or Off according to your website needs.

How to Enable ModSecurity for Users

Once you have configured the server rules, you need to give your users permission to have access to the tool via Feature Manager in WHM.

  • Go to Packages: Return to the WHM Home screen and select the Packages category in the menu.
    Open Feature Manager: To see how your cPanel accounts are configured, click the Feature Manager link.
  • Go to the Manage feature list section, choose the list that your accounts are using at present, and then click the Edit button to modify the permissions.
  • Select ModSecurity™ Domain Manager: Scroll through the features until you get to ModSecurity Domain Manager. Check the box next to its name.
  • Save Your Changes: Move to the bottom of the page and click on save. Now your cPanel users can find the ModSecurity icon in their own dashboards.

Conclusion

ModSecurity is also a smart method of protecting your server against common web exploits. It provides an extra protection layer automatically on all domains in your account. Giving users the ability to access the Domain Manager allows them to control the security of their own sites.

Frequently Asked Questions

Does ModSecurity affect website performance?

ModSecurity is fast and consumes little CPU to scan each request. This delay is almost impossible to notice on a powerful Cantech server. The security benefits of the firewall are much more than the tiny impact on performance.

Why is my website showing a 403 error after enabling this?

A 403 error often means the firewall has blocked a request that looks suspicious. Sometimes legitimate website actions can trigger a “false positive” block. You can check the ModSecurity logs in cPanel to see which specific rule is causing the issue.

Can users turn off ModSecurity for their own sites?

Yes, when you enable the Domain Manager in the Feature Manager, users are able to switch protection. During testing new code, they can turn it off on individual domains, but we would always recommend that it be turned on for production sites.

What is the OWASP Rule Set?

OWASP is a global organization that maintains a list of the most prevalent web security threats. The best option among the global users of ModSecurity is their Core Rule Set, which is a free set of rules that defends against these threats.

May 19, 2026