Symptoms
- Mod Security log
/var/log/modsec_audit.log
is empty; - The command below shows that ModSecurity is disabled:
# /usr/local/psa/admin/bin/modsecurity_ctl -s
Disabled
Cause
ModSecurity is not enabled on the server.
Resolution
- Log in the server via SSH.
Note: if direct SSH access to the server is not possible, contact server administrator for further assistance.
-
To enable Mod Security use the following command:
# /usr/local/psa/admin/bin/modsecurity_ctl -e
-
After that operation,
/var/log/modsec_audit.log
will be created in the following directory:# ls -la /var/log/modsec_audit.log
-rw-r—– 1 root root 865608 Jun 29 09:37 /var/log/modsec_audit.log
Note: if ModSecurity is enabled and /var/log/modsec_audit.log
 is empty, it means that no attack/threads are detected.
OR
ModSecurity is set to Detection only and it writes to Apache logs.