LogoفارسیFA

ModSecurity 3, NGINX Standalone, and Sitejet Custom Template Management in cPanel & WHM

This article covers three important areas of new cPanel & WHM features: 1) ModSecurity 3 and its differences from version 2 2) NGINX Standalone web server and its limitations 3) How to add and manage Sitejet custom templates to serve cPanel users This guide is written for server administrators, hosting providers, and cPanel partne

ModSecurityNGINX StandaloneWHM

~3 min read • Updated Feb 18, 2026

1. What Is ModSecurity 3?


ModSecurity 3 is a powerful open-source Web Application Firewall (WAF) that protects your server against common web attacks such as SQL Injection, XSS, RCE, and more.


Main differences from ModSecurity 2:

  • ModSecurity 3 is no longer an Apache module; it is a standalone library.
  • It requires a connector for Apache or NGINX to function.
  • It supports the OWASP Core Rule Set (CRS).
  • It is provided as an Experimental feature and requires the EA4 Experimental repository.

Compatibility:

  • Works with both Apache and NGINX.
  • Available in cPanel & WHM version 112 and above.


2. Installing ModSecurity 3


Method 1 — Install via WHM (Recommended)

Navigate to:

WHM → Home → Software → EasyApache 4

Under Customize, select:

  • Apache Modules
  • NGINX Modules

Install the following packages:

  • ea-modsec30-connector-nginx — for NGINX
  • ea-modsec30-connector-apache24 — for Apache
  • ea-modsec30-rules-owasp-crs — OWASP CRS rules

Finally, click Provision.


Method 2 — Install via Command Line

# For NGINX
yum install ea-modsec30-connector-nginx

# For Apache
yum install ea-modsec30-connector-apache24

# OWASP CRS rules
yum install ea-modsec30-rules-owasp-crs


3. ModSecurity 3 Configuration Files


If Using NGINX

File PathDescription
/etc/nginx/conf.d/modsec30.confDefault configuration + includes for cPanel and user configs
/etc/nginx/conf.d/modsec/modsec30.cpanel.confRules and settings generated by WHM/cPanel
/etc/nginx/conf.d/modsec/modsec30.user.confUser-level manual overrides (edit with caution)
/etc/nginx/conf.d/modsec_vendor_configs/Third‑party vendor rule sets
/var/log/nginx/modsec30_audit/ModSecurity audit logs (Concurrent Logging)

If Using Apache

File PathDescription
/etc/apache24/conf.d/modsec30.confDefault configuration + includes
/etc/apache2/conf.d/modsec2.cpanel.confcPanel-generated rules (name kept for compatibility)
/etc/apache2/conf.d/modsec/modsec2.user.confUser-level manual overrides
/etc/apache2/logs/modsec_audit/ModSecurity audit logs

Warning: Only edit user.conf files if absolutely necessary; incorrect rules may break websites.



4. Key Differences Between ModSecurity 2 and ModSecurity 3


Feature ModSecurity 2 ModSecurity 3 (NGINX) Description
SecDataDir Supported Not supported
SecConnEngine Supported Not supported
SecDisableBackendCompression Supported Not supported
SecGsbLookupDb Supported Not supported
SecGuardianLog Supported Not supported
Response Code Usually 403 Sometimes 406 NGINX behavior differs


5. NGINX Standalone (Legacy Experimental Feature)


NGINX Standalone replaces Apache as the primary web server. Apache is moved to ports 81 (HTTP) and 444 (HTTPS). Static content is served directly by NGINX, while dynamic content (PHP, etc.) is proxied to Apache.


Requirements

  • EasyApache 4
  • EA4 Experimental Repository
  • PHP-FPM enabled
  • ea-ruby27-mod_passenger (for Passenger apps)

Install

yum --enablerepo=EA4-experimental install ea-nginx-standalone

Uninstall

yum erase ea-nginx-standalone

Important Changes After Installation

  • Apache ports: 81 (HTTP) and 444 (SSL)
  • Main NGINX config: /etc/nginx/conf.d/ea-nginx.conf
  • Logs: /var/log/nginx/domains/domain.com and domain.com-ssl_log
  • Dynamic content is proxied to Apache

Limitations

  • WordPress Pretty Permalinks do not work without custom NGINX rules.
  • .htaccess is not supported — must be rewritten in NGINX syntax.
  • WordPress Multisite is not supported.

Written & researched by Dr. Shahin Siami

Next Article