Tutorial :Detect if Mod_Security Is Installed With PHP?


Is there any simple way to detect if mod_security is installed & enabled using just PHP? Ideally without any exec() terminal type commands to be executed.

Some people have recommended using apache_get_modules() but this specific web-host does not allow it to show. This is also mentioned by other users here: http://www.devcomments.com/apache_get_modules-solution-to130703.htm


Try the apache_get_modulesfunction to get an array of the loaded modules. If that module is loaded but not listed there, you might want to try phpinfo with phpinfo(INFO_MODULES) instead:

ob_start();  phpinfo(INFO_MODULES);  $contents = ob_get_clean();  $moduleAvailable = strpos($contents, 'mod_security') !== false;  


You can do just create a test.php file and use..

<?php phpinfo(); ?>  

And look at the apache2handler, and look at: Loaded modules.. something like this...




Grasping at straws here.

Try having your script make a request to itself (via file_get_contents or maybe the cURL extension) that would trip mod_security. If it returns a 403 (or whatever mod_security's default response is), that should be enough information for you to go on...


You can search the get_loaded_extensions() function and use array_intersect() which will return matching values in an array else an empty array if it does not find anything matching.

$modSecurity = !empty(array_intersect(array_map('strtolower', get_loaded_extensions()), array('mod_security', 'mod security'))) ? true : false;  

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »