  1. rinkleton

    ModSecurity - Edit Custom Rules

    It seems like it is no longer possible to disable rules from the Edit Custom Rules interface in WHM (modsec2.user.conf). The modsec2.conf file includes this one before the modsec2.cpanel.conf file because "user.conf must come before cpanel.conf to allow administrators to selectively disable...
  2. I

    Load on Server Issue

    Since the last update to WHM 64 I realize that the server has become very unstable, the load has gone up a lot, the sites are falling frequently. I would like to know what may be happening. I do not know if it's a problem with the new mod_security rules or the update itself.
  3. rinkleton

    Upgrading mod security to OWASP 3.0

    When upgrading to OWASP 3.0, do the rules get all new IDs, or do they stay the same, in which case I will have to go through all of the currently disabled rules and re-enable?
  4. N

    Mod_Security Vendors

    How can I add some ModSecurity™ Vendor in cPanel/WHM? Answer: You can add more vendors to mod_security using ModSecurity™ Vendor Manager. To access, log in as root user to your WebHostManager and find Security Center -> ModSecurity™ Vendor Manager. Some Vendors you can add: Comodo WAF For...
  5. S

    Apache Status page fails after 64 update

    Hi, I just updated our server to cpanel 64.0.11 and noticed a few issues. In WHM accessing the Apache Status page returns "Failed to receive status information from Apache." Accessing PhpMyAdmin via a user's cPanel account will either hang on "Loading..." or display a 403/404 Security Token...
  6. S

    Unable to disable mod_security per domain in user interface

    Hi, it used to be possible BUT it's gone somehow. I guess it was a cPanel decision and a workaround exists, right? What would it be? Also, is there a list of feature changes available? I do read the fixes in every update, but I must have missed that one. Regards,
  7. M

    COMODO WAF Rule Blocking Access

    Starting at 3:30am EST (right after upcp / updates), a bunch of my customers can't log in to their PHP CMSs (WordPress and others). So I checked the error logs and saw a lot of this for each user who was getting 403'd at their admin areas: [:error] ModSecurity: Access denied with code 403...
  8. M

    217220 COMODO WAF: Request Missing a Host Header

    Hi, our WHM servers have updated their Comodo WAF rules overnight and we are now seeing the same issue on all of our servers: 2017-04-07 10:10:01 WARNING 200 Request:GET /whm-server-status Action Description: Warning. Justification: Operator EQ matched 0 at REQUEST_HEADERS. This is...
  9. J

    SOLVED Mod Security rule changes in cPanel 64

    We just got the 64.0.1 update last night. We're also having issues with installed SSL certs that aren't working. For example, our WHMCS system won't allow log ins and the cert won't display.
  10. C

    collections_remove_stale error

    Hello, I tried everything, but it just doesn't work. I keep getting this error in my Apache error logs: ModSecurity: collections_remove_stale: Failed to access DBM file "/tmp/global": Permission denied. Anyone know how to fix it? I'm using suphp with WAF modsecurity rules. It's CentOS 7 with...
  11. 007basaran

    Rule processing failed mod_cgi.c - ModSecurity

    Hello all, I have a little problem. Log Details 1; /usr/local/apache/logs/error_log ModSecurity: Rule processing failed (id=981138) [hostname "xxx"] Log Details 2; /usr/local/apache/logs/modsec_audit.log --dd51573f-H-- Message: Rule processing failed (id=981138) Apache-Handler...
  12. J

    OWASP ModSecurity Core Rule Set v3

    Shouldn't the OWASP vendor config file have the version added to the name or even another field to display the version, so if you have v2 and v3 installed you can differentiate between the two? If you look at the following files you will see they both have the exact same name v2...
  13. caisc

    Mod_Security rule to mitigate constant GET and POST request attack

    Hello, recently I have noticed increased attacks on our server using GET and POST requests by random IPs. Need a working and tested mod_security rule to fix this. Request forum members to please help me to mitigate this sort of attack. We use CSF firewall but as the IPs are constantly changing can't...
  14. A

    ModSecurity: Access denied with code 406

    Hello, I have a domain name; today I am getting this error: 502 Bad Gateway The server returned an invalid or incomplete response. I tried to contact support; they said there is an issue with mod security: ModSecurity: Access denied with code 406 (phase 1). Pattern match...
  15. mariusfv

    Easyapache 4 + Modsecurity + Mod_ruid2 errors

    Hi, OS: CentOS Linux release 7.3.1611 (Core) WHM/cPanel: WHM 62.0 (build 8) Server MPM: prefork PHP-FPM: Yes (php-fpm: master process (/opt/cpanel/ea-php70/root/etc/php-fpm.conf) / php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf) Installed packages via WHM: Yes Conflict...
  16. caisc

    Mod_security rules to prevent spam registrations and comments on wordpress sites

    Hi, looking for some working set of Mod_security rules to prevent spam registrations and comments on WordPress sites on a cPanel server. Did some searching and found the following set of rules - #comments blacklist SecAction "id:400000,phase:1,initcol:IP=%{REMOTE_ADDR},pass,nolog" SecRule IP: spam...
  17. W

    SOLVED Googles IP are whitelisted, why and where?

    Hi there, since 22nd of Jan Google has performed an infrastructure update and many customer accounts are going over their bandwidth because Google is slurping like a mad dog! I have added a rule in mod-security to stop google-images but at no effort, it is completely ignored, is cPanel having...
  18. T

    SOLVED ModSecurity rule not working as I expected

    Hi all, I have added the rule below to ModSecurity Tools. I have cobbled it together from documentation and online forums as I couldn't find an existing rule that would do what I wanted. I'm no guru so any help is much appreciated! It's meant to restrict access to the WordPress login page...
  19. I

    SOLVED ModSecurity (OWASP CRS) cookie not "whitelisting"

    Hi guys, I've been a bit back and forth trying to "whitelist" a Magento2 Cookie which triggers Rule 981243 in OWASP CRS for apparent SQLi injection probing. When attempting to add SecRuleUpdateTargetById 981243 !REQUEST_COOKIES:section_data_ids into ModSecurity Tools > Rules List > Add Rule...
  20. Q

    mlogc on EA4?

    EA3 provided the mlogc binary for ModSecurity at /usr/local/modsecurity/bin/mlogc. On a fresh EA4 box I'm unable to find mlogc. Are there any plans to include it and/or a status on this? It's extremely helpful for monitoring modsecurity hits in an environment with numerous servers.