Is there any simple way to detect if mod_security is installed & enabled using just PHP? Ideally without any exec() terminal type commands to be executed.
Some people have recommended using apache_get_modules() but this specific web-host does not allow it to show. This is also mentioned by other users here: http://www.devcomments.com/apache_get_modules-solution-to130703.htm
Try the apache_get_modulesfunction to get an array of the loaded modules. If that module is loaded but not listed there, you might want to try phpinfo with phpinfo(INFO_MODULES) instead:
ob_start();
phpinfo(INFO_MODULES);
$contents = ob_get_clean();
$moduleAvailable = strpos($contents, 'mod_security') !== false;
You can do just create a test.php file and use..
<?php phpinfo(); ?>
And look at the apache2handler, and look at: Loaded modules.. something like this...
http://gyazo.com/bcba303469f23671f7213e1478788cbd.png
-Mike
Grasping at straws here.
Try having your script make a request to itself (via file_get_contents or maybe the cURL extension) that would trip mod_security. If it returns a 403 (or whatever mod_security's default response is), that should be enough information for you to go on...
You can search the get_loaded_extensions() function and use array_intersect() which will return matching values in an array else an empty array if it does not find anything matching.
$modSecurity = !empty(array_intersect(array_map('strtolower', get_loaded_extensions()), array('mod_security', 'mod security'))) ? true : false;
