It seems like it is no longer possible to disable rules from the Edit Custom Rules interface in WHM (modsec2.user.conf). The modsec2.conf file includes this one before the modsec2.cpanel.conf file because "user.conf must come before cpanel.conf to allow administrators to selectively disable...
Since the last update to WHM 64 I realize that the server has become very unstable, the load has gone up a lot, the sites are falling frequently. I would like to know what may be happening. I do not know if it's a problem with the new mod_security rules or the update itself.
How can I add some ModSecurity™ Vendor in cPanel/WHM?
Answer: You can add more vendors to mod_security using ModSecurity™ Vendor Manager.
To access it, log in as the root user to your WebHostManager and find Security Center -> ModSecurity™ Vendor Manager.
Some Vendors you can add:
I just updated our server to cPanel 64.0.11 and noticed a few issues.
In WHM accessing the Apache Status page returns "Failed to receive status information from Apache."
Accessing phpMyAdmin via a user's cPanel account will either hang on "Loading..." or display a 403/404 Security Token...
It used to be possible BUT it's gone somehow.
I guess it was a cPanel decision and a workaround exists, right?
What would it be? Also, is there a list of feature changes available?
I do read the fixes in every update, but I must have missed that one.
Starting at 3:30am EST (right after upcp / updates), a bunch of my customers can't log in to their PHP CMSs (WordPress and others).
So I checked the error logs and saw a lot of this for each user who was getting 403'd at their admin areas:
[:error] ModSecurity: Access denied with code 403...
Our WHM servers have updated their Comodo WAF rules overnight and we are now seeing the same issue on all of our servers:
2017-04-07 10:10:01 127.0.0.1 WARNING 200
Action Description: Warning.
Justification: Operator EQ matched 0 at REQUEST_HEADERS.
I tried everything, but it just doesn't work. I keep getting this error in my Apache error logs.
ModSecurity: collections_remove_stale: Failed to access DBM file "/tmp/global": Permission denied
Anyone know how to fix it?
I'm using suPHP with WAF ModSecurity rules. It's CentOS 7 with...
Shouldn't the OWASP vendor config file have the version added to the name, or even another field to display the version, so that if you have v2 and v3 installed you can differentiate between the two?
If you look at the following files you will see they both have the exact same name
Recently I have noticed increased attacks on our server using GET and POST requests from random IPs.
Need a working and tested mod_security rule to fix this.
Request forum members to please help me to mitigate this sort of attack. We use CSF firewall but as the IPs are constantly changing can't...
I have a domain name example.com. Today I am getting this error:
502 Bad Gateway
The server returned an invalid or incomplete response.
I tried to contact support; they said there is an issue with mod security
ModSecurity: Access denied with code 406 (phase 1). Pattern match...
Looking for a working set of mod_security rules to prevent spam registrations and comments on WordPress sites on a cPanel server.
Did some searching and found the following set of rules:
SecRule IP: spam...
Since the 22nd of Jan Google has performed an infrastructure update and many customer accounts are going over their bandwidth because Google is slurping like a mad dog!
I have added a rule in mod-security to stop google-images but to no avail; it is completely ignored. Is cPanel having...
I have added the rule below to ModSecurity Tools. I have cobbled it together from documentation and online forums as I couldn't find an existing rule that would do what I wanted. I'm no guru so any help is much appreciated!
It's meant to restrict access to the WordPress login page...
I've been a bit back and forth trying to "whitelist" a Magento2 Cookie which triggers Rule 981243 in OWASP CRS for apparent SQLi injection probing.
When attempting to add SecRuleUpdateTargetById 981243 !REQUEST_COOKIES:section_data_ids into ModSecurity Tools > Rules List > Add Rule...
EA3 provided the mlogc binary for ModSecurity at /usr/local/modsecurity/bin/mlogc. On a fresh EA4 box I'm unable to find mlogc. Are there any plans to include it and/or a status on this? It's extremely helpful for monitoring modsecurity hits in an environment with numerous servers.