modsecurity

  1. joaosavioli

    SOLVED Comodo WAF causes slow server after recent update

    Hello, Since today morning, my two servers with comodo waf modsecurity rules are too slow (apache request is very very slow). The load goes down when I turn off modsecurity. It's performed when I turn on cpanel rules too. Do you have any idea to help me fix it? Thank you. Joao
  2. K

    Editing ModSecurity vendor rules

    Hello, Is there any way to edit the ModSecurity included vendor rules? I'm using OWASP as a Vendor and I want to edit a single rule of theirs. I was not able to find a way through WHM. Is there any other way to edit such rule, for example through the command line? Regards!
  3. F

    ModSecurity Inbound Anomaly Score Exceeded

    Hello, I have some questions about ModSecurity. I have this email: Time: Tue Aug 29 17:56:39 2017 +0200 IP: [Removed] Failures: 10 (mod_security) Interval: 3600 seconds Blocked: Permanent Block Log entries: [Tue Aug 29 17:56:34.795036 2017] [:error] [pid 10514] [Removed]...
  4. E

    Let customers view and whitelist mod_security rules?

    I see that cpanel now offers a ModSecurity feature in the end-user cpanel, so they can enable/disable mod_security on their account. Is it possible for the customer to see a list of "hits" that the modsecurity system has had for their website? And is it also possible for the customer to...
  5. Samet Chan

    What is the difference between mod_security and mod_security2?

    Dear, I didn't find mod_security, but not mod_security2 is already installed on my VPS Server WHM in EA4. But what is the difference between mod_security and mod_security2? Or is it the same?
  6. F

    cxs ModSecurity Scanning (disabled)

    Hi People. I was looking on my cPanel server, and I found that the modsec scanning was disabled, when I tried to enable the server, I received that message, but the service is not changing to enabled.... Any idea what is happening? Regards Federico. [Removed - Included Real Domain Names]
  7. Z

    SecRemoteRules - ModSecurity Vendor

    Is there a way to install ModSecurity rules with a GUI? Yes, there is a vendor list, but SecRemoteRules basically needs only one line with a subscription key. Now we always need to manually install these other Shared Hosting ModSecurity rules. Is there some better way to do this with the cPanel/WHM GUI?
  8. J

    SecConnEngine - why is default off?

    We come back to this question every once in a while and never find an answer. The WHM default for the mod_sec setting SecConnEngine is 'Do not process the rules'. There is practically nothing available anywhere that actually describes what the setting is for other than 'determines the actions of...
  9. D

    Mod Security Whitelist

    I'm getting a lot of false positives in Mod Security from my own IP, is it possible to whitelist my IP via WHM? I've read you can edit the files manually which I'd rather avoid.
  10. L

    [Case CPANEL-13602] ModSecurity Logs Are Getting Huge With Logging Off

    For the past month or so, I have watched as the amount of remaining disk space on the server has quickly decreased. I tracked it down to huge ModSecurity log files in /home/username/logs of the format: There were three files in each account, one for April, May, and June. Most of them were...
  11. bloatedstoat

    modsec rule 942100 not being blocked, status 200

    Hi there. We're running the third party CSF rules and cpanel OWASP ModSecurity Core Rule Set V3.0 on our server. Sifting the logs I've come across rafts of entries from the same IP address triggering the 942100 SQL Injection Attack Detected via libinjection rule. The severity is CRITICAL yet...
  12. S

    ModSec shows security scanner scanning 127.0.0.1

    Hello, I'm a bit worried here. I'm looking at the logs in ModSec and I see a whole bunch of these! 2017-06-21 11:19:03 127.0.0.1 170.81.59.28 CRITICAL 403 2017-06-21 11:19:03 127.0.0.1 170.81.59.28 CRITICAL 403 2017-06-21 11:19:03 127.0.0.1 170.81.59.28 403 2017-06-21 11:19:02 170.81.59.28...
  13. keat63

    failed to lock global mutex

    I've spent a good few hours trying to find an answer to this, but I'm struggling. Can anyone explain what this means in apache logs? [Tue Jun 20 14:13:28.316922 2017] [:error] [pid 18909] [client xxx.xxx.xxx.xxx] ModSecurity: Audit log: Failed to lock global mutex: Invalid argument [hostname...
  14. R

    Modsecurity & Comodo WAF

    Hi Everyone, I recently moved from EasyApache 3 to 4 and I had Comodo WAF installed. Due to the move from 3-4 I had to reinstall Comodo WAF. Now for some reason it seems to be playing havoc with my WordPress and Joomla installations. Has anyone else had this issue if so how did you resolve it...
  15. keat63

    MODSEC engine disabled

    ModSec appears to be working as I can see logs in apache error log, however, I'm seeing this message when I restart apache: ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On. Can anyone advise?
  16. K

    EA4 Mod security Fails

    Hi, why do I get errors when running EA4 build even though I don't have Comodo WAF enabled or set up? The directory has no files in it and cPanel mod security is disabled. [Mon Jun 12 17:07:26.074176 2017] [:error] [pid 13433:tid 140145126704896] [client X.X.X.X] ModSecurity: Warning. String match...
  17. 0

    COMODO WAF broken after EA3 to EA4 update.

    After updating from EA3 to EA4 I received an email from cPanel saying "The EasyApache 4 migration found Apache Include directives in the ModSecurity 2 user configuration file, modsec2.user.conf. To ensure that your web server continues to function correctly, the system commented out these...
  18. J

    Mod_Security with CRS

    I am having trouble browsing localhost when I turn the ServerEngineOn in Mod security with CRS. Can anyone help?
  19. T

    ModSecurity audit log size growing continuously

    Hi, we have a problem since yesterday: the modsec_audit.log log size is growing continuously and I can't stop it. Security Center » ModSecurity™ Configuration » Configure Global Directives is set to Do not log any transactions, BUT logs are still generated...
  20. rinkleton

    ModSecurity - Edit Custom Rules

    It seems like it is no longer possible to disable rules from the Edit Custom Rules interface in WHM (modsec2.user.conf). The modsec2.conf files includes this one before the modsec2.cpanel.conf file because "user.conf must com before cpanel.conf to allow adminsitrators to selectively disable...