Paper Lantern for cPanel accounts is being retired this year. Find out more »
cPanel & WHM Version 102 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Incorporate WAF-FLE ModSecurity Console for clustering

Rick Calwell shared this idea 7 years ago
Open Discussion

One big issue for clusters of cPanel servers is mod_security configurations and rules. Right now, "every" server still has to be touched by hand to update these rules. So, mod_security rules need to be added to the master cluster config which can then be copied to all the nodes.

Another HUGE step forward is inclusion of WAF-FLE as a mod security monitoring console so that you can watch a cluster of servers with mod_security.

This is one of those "must haves" for multi-server hosting environments.


WAF-FLE is a OpenSource ModSecurity Console, allows modsecurity admin to store, view and search events sent by sensors using a graphical dashboard to drill-down and find quickly the most relevant events. It is designed to be fast and flexible, while keeping a powerful and easy to use filter, with almost all fields clickable to use on filter.

dashboard-300x278WAF-FLE Dashboard

The inicial resources required to run WAF-FLE are normaly low (check Deployment Guide in Documentation page). It is supported in virtual machines, and is supported in Linux and FreeBSD, but should run with other OS that support PHP and MySQL.


  • Central event console
  • Support Modsecurity in “traditional” and “Anomaly Scoring”
  • Brings mlog2waffle as a replacement to mlogc
  • Receive events using mlog2waffle or mlogcmlog2waffle: in real-time, following log tail, or batch scheduled in crontabmlogc: in real-time, piped with ModSecurity log, in batch scheduled in crontab
  • No sensor limit
  • Drill down of events with filter
  • Dashboard with recent events information
  • Almost every event data and charts are “clickable” deepening the drill down filter
  • Inverted filter (to filter for “all but this item”)
  • Filter for network (in CIDR format, x.x.x.x/22)
  • Original format (Raw) to event download
  • Use Mysql as database
  • Wizard to help configure log feed between ModSecurity sensors and WAF-FLE
  • Open Source released under GPL v2

Replies (2)


That would be great. WAF-FLE could be run on a VPS or dedicated server, so you should be able to define in WHM where the mod_security logs are push or a text box to paste the configuration generate by WAF-FLE Event Feeder Wizard.


The project does look interesting. I'm very hesitant to distribute or support something that hasn't received an update in nearly 18 months. When the tool is used for security purposes that's even more worrying.

Leave a Comment
Attach a file