Menu
Is there any simple way to detect if mod_security is installed & enabled using just PHP? Ideally without any exec() terminal type commands to be executed.
Some people have recommended using apache_get_modules() but this specific web-host does not allow it to show. This is also mentioned by other users here: http://www.devcomments.com/apache_get_modules-solution-to130703.htm
852
phpinfo(); ?> Step 4 – You can view the file by typing http://yourdomain/phpinfo.php in your browser's address bar. Once loaded, search for mod_security2 and if you can't find such a section, the module is not installed.
Mod_security is an apache module that helps to protect your website from various attacks. It is used to block commonly known exploits by use of regular expressions and rule sets and is enabled on all InMotion web hosting plans.
ModSecurity is a rule-based firewall; it compares requests to a list of rules, looking for patterns that match attacks such as SQL injection, session hijacking, cross-site scripting, and more. Rules are typically provided as a rule set created by a third party, although users can add their own.
Try the apache_get_modulesfunction to get an array of the loaded modules. If that module is loaded but not listed there, you might want to try phpinfo with phpinfo(INFO_MODULES) instead:
ob_start();
phpinfo(INFO_MODULES);
$contents = ob_get_clean();
$moduleAvailable = strpos($contents, 'mod_security') !== false;
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
