modsecurity

  1. N

    ModSecurity update causing 403 Forbidden for PUT requests to server, requires editing tx.allowed_methods

    Hi all, this may be nothing but I wanted to post my experience this morning with our website suddenly refusing PUT requests. This morning I visited the WHM interface and got an upgrade popup saying that new ModSecurity rules would be installed (my memory is not perfect but it definitely...
  2. N

    SOLVED ModSecurity cPanel False Info on version 92.0.4?

    Hello, I have version 92.0.4 and I see something strange. When I go to an account in cPanel and then SECURITY> ModSecurity says: But I'm sure the modsecurity is enabled on the server. I test it and blocks successful rules in domains, server etc. It's something wrong with this info inside...
  3. S

    SOLVED ModSecurity: IP whitelisting doesn't work

    Hello, I have added an exclude rule to ModSecurity in /etc/apache2/conf.d/modsec/modsec2.user.conf to whitelist Googlebot from being blocked, but it doesn't work. Googlebot is still blocked when accessing robots.txt. SecRule REMOTE_ADDR "^66\.249\.xxx\.xxx$"...
  4. M

    Show ModSecurity Hit List to customers

    Hello, Is there a way to show the ModSecurity Hit List to customers in cPanel (not in WHM)? And also, is there any plugin to allow customers to edit their own ModSecurity rules (disable some of them on a specific URL, just like ConfigServer ModSec Control but on the cPanel side)?
  5. cPanelTabby

    cPanel & WHM Version 92 to RELEASE!

    cPanel & WHM Version 92 to RELEASE! We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 92 to the RELEASE tier! Some highlights of this release can be found below, but please check the Release Site for more information. Experimental ImageMagick for CentOS 8 For CentOS...
  6. cPanelTabby

    Easy Apache 4 November 23 Release

    EasyApache 4 November 23 Release We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-11-23 mod_security2 ZC-7925: Install...
  7. M

    ModSecurity request body on tmp not cleaned

    Hello, I have an issue with ModSecurity. Request body and temporary files on /tmp aren't completely cleared, so I have to clean up /tmp very regularly to avoid it filling up all my disks. Would you know why it has this strange behaviour? In the Apache log, I found only this as relevant...
  8. V

    CentOS 8 - mod_security v3 not working custom rules

    I'm running tests on CentOS 8.2 and cPanel v92. When I install mod_security v3 and want to add custom rules from the edit rules section, I see the following error. None of the SecConnEngine, SecRuleEngine, SecRule codes are recognized. Error: The system could not validate the new Apache...
  9. leonep

    ModSecurity Geolocation Database Setup

    Hi, I want to add a Geolocation db in the modsecurity config... looking at the description: so it appears ModSecurity accepts only GeoIP v1 format; at MaxMind I found only the GeoIP2 database... any suggestions please? Thanks a lot
  10. C

    modsecurity question

    Hello, I know cPanel is loaded with questions similar to what I'm seeing. But I started using (just today/yesterday) modsecurity rules. I'm seeing some permission denied errors for GeoIP and other and I think it is because I don't have a db path in the configuration section for modsecurity...
  11. S

    modsecurity IDs sequential?

    Are modsec rule IDs sequential? Like is their preference linear? If I want to whitelist an IP does my ID have to be as low as possible (e.g. 1 thru say 200)? Or can I make it like 60000 and it will still work?
  12. cPAdminsMichael

    Experience with the new OWASP ModSecurity CRS 3.3?

    Hi guys, Do any of you have any experience yet with the newly released OWASP ModSecurity Core Rule Set v3.3 that was released last month? (OWASP ModSecurity Core Rule Set – The 1st Line of Defense Against Web Application Attacks) Worth trying out?
  13. L

    Modsecurity - Configure Individual Domains

    G'day All, Does anyone know where the notation is made within the modsec configuration when a user disables modsecurity for all or any domain within their cPanel? I've looked in the expected locations (/etc/apache2/conf.d/userdata etc.) without success. We just need to be able to produce a...
  14. A

    OWASP ModSecurity Core Rule Set V3.0 breaks after every update

    When I run "/usr/local/cpanel/scripts/modsec_vendor update OWASP3" I get the following errors: The system failed to update the vendor from the URL http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml warn [modsec_vendor] The system failed to update the vendor from the URL...
  15. A

    How to Remove ModSecurity?

    Hi! I've searched this for thousands of topics and haven't found it, oddly enough. I would like to know from any of you how I can clear ModSecurity logs? I already deleted modsec_audit.log, but the logs continue. In my case I have more than 20,000 pages of logs.
  16. J

    In Progress [CPANEL-27532] /scripts/modsec_vendor update failed

    All of our servers are reporting identical update failures: The cPanel & WHM update process failed for the following reason: Maintenance ended; however, it did not exit cleanly (256). The following events were logged: “scripts/modsec_vendor”. Review the update logs to determine why the update...
  17. joaosavioli

    Limiting ModSecurity rule to specific files?

    Hi! Please, how could I limit the action of this rule only in wp-login.php and xmlrpc.php? SecRule REQUEST_HEADERS:User-Agent "@contains gecko" "id:5000501,t:none,t:lowercase,deny,nolog,msg:'BAD BOT - Detected and Blocked. '" Thank you! Joao
  18. weblinks

    Comodo WAF ModSecurity ruleset leading to large secdatadir cache files

    CLOUDLINUX 7.6 [] v78.0.23 Hi, I am getting this alert Time: Mon May 20 04:00:08 2019 +0500 ModSecurity persistent IP database (/var/cpanel/secdatadir/ip.pag) size is 51.73GB This requires further investigation otherwise it will start to affect server performance. but when I am checking...
  19. J

    SOLVED mod_security rule not working

    Trying to stop a bad bot from accessing server using mod_security rules. I have the following but it's not working. SecRule REQUEST_HEADERS:User-Agent "@rx ^(?:Datanyze)$" "msg:'Datanyze blocked',phase:1,log,id:777777,t:none,block,status:403" the word "Datanyze" is contained in the User...
  20. jonh

    Collections_remove_stale...

    I'm getting this error in ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/global": Permission denied I don't have mod_druid2 enabled. All info says this is the issue, but I don't have this mod loaded/enabled. Causing not to be able to access admin ajax...