modsecurity

  1. joaosavioli

    SOLVED How to disable modsecurity for a domain WHM

    Hi, Is it possible to disable modsecurity protection for one domain by WHM in the new interface? Thank you! Joao
  2. P

    ModSecurity Hits List Status Code

    I have a ModSecurity rule that blocks several countries. SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:1,drop,log,msg:'Blocking Countries'" SecRule GEO:COUNTRY_CODE "@pm XX YY ZZ" However, on the ModSecurity Hits List, while I am seeing status codes of 403 and 404, I am also seeing...
  3. J

    SOLVED Modsecurity CMC whitelist being ignored

    This is a huge annoyance. Using configserver CMC. The configserver forums are basically dead so posting here to see if anyone else has had the same problem. Basically the mod_security CMC whitelist function doesn't work at all because the user disabled rules are applied in the wrong order. I...
  4. J

    SOLVED ModSecurity™ Tools The following exception has occurred: API failure

    Hi, when we click on ModSecurity™ Tools we see the following error: Error: The following exception has occurred: API failure: (XID Xxxx) Access denied for user 'modsec'@'XXXXXXX' (using password: YES) XXXXXXX should be our external database server. Where can I change the DB host? Already...
  5. A

    modsec logs when using ruid2

    Modsecurity is currently writing logs to per-user directories under /usr/local/apache/logs/modsec_audit/$USER, I believe because ruid2 is enabled. However, these logs are getting massive, and as they are owned by the user they are causing many users' accounts to hit their disk quota. I can't find...
  6. J

    SOLVED Security feature to protect website hosting in cPanel

    Hello, I would like to know about security feature/plugin to protect website hosting in cPanel from any hack. Does cPanel have feature to protect SQL database like SQL injection? Are there any feature/ plugin to prevent attack website hosting in cPanel?
  7. R

    ModSecurity Tools Hits List is empty

    ModSecurity has recently been installed on the server using EA4. Server is standard cPanel configuration, nothing unusual. /usr/local/apache/logs/modsec_audit.log is logging data and looks correct. COMODO ModSecurity Apache Rule Set is installed as a vendor and enabled...
  8. T

    mod_security completely messed up beyond repair

    Suddenly (I assume due to cPanel automatic update), the complete mod_security configuration is gone and almost all related files are missing. When trying to save the configuration (Home » Security Center » ModSecurity™ Configuration » Configure Global Directives) I get the message here...
  9. B

    Separate mod_security custom rule per account

    Hi guys, I got a nice question which I think will be helpful for anyone :) I want to add one or more mod_security rules to work only for a domain name or cPanel account, not the entire server. Example: I want to block some countries, or bad bot agents, or fake traffic but only for...
  10. S

    Mod_Security DBM Question

    Also, with just modsecurity and no mod_ruid2, I receive the DB error messages in the modsecurity logs under the /etc/apache2/logs/ directory. Is that normal? I've always hated those DB error messages. ModSecurity 3 is being released soon. It's not supposed to have those issues and it's...
  11. M

    How to prune massive modsec log archives

    I am seeing a massive list of daily modsec logs (each about 5 MB) archived from 11th May 2015 to 29th October 2016 at /usr/local/apache/logs/modsec_audit/nobody going something like this: drwxr-x--- 706 nobody nobody 32768 May 12 2015 20150511/ drwxr-x--- 756 nobody nobody 36864 May 13 2015...
  12. keat63

    some form of scanning going on

    I've returned to the office this morning to find a number of entries that I'm concerned with. CSF is blocking based on 60 x 404 hits, this I'm fine with. However, I have entries for a number of IPs (probably proxies), where they've been scouring /usr/local/apache/htdocs. They are...
  13. hrace009

    mod_sec whitelist

    Hello, Some of my clients are running XenForo, and need to whitelist modsec by ID. The information I have got from ModSec tools is this message: Request: POST /index.php?editor/to-bb-code Action Description: Access denied with redirection to http://www.domain.com/ using status 302 (phase 2)...
  14. S

    CSF and Mod Security

    Hi, I apologize if it's too obvious but do I need to install csf if mod security is enabled? Do they conflict if you have both of them active? Thank you in advance. Regards, Steven
  15. P

    Mod Ruid2 + mod security conflicts in EA4

    cPMichael Please confirm/deny problem does not persist in EA4 ?
  16. keat63

    Mod Security Layman's Terms

    Does anyone know of a list of Mod Sec rules, but in layman's terms, something that explains in layman's terms what was going on. For instance: 960034: HTTP protocol version is not allowed by policy. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. Means...
  17. B

    Mod Security Version

    Hello, I'll update my server software 11.42.1 to the latest one. But I'm curious about my mod_sec rules. Is it compatible or not? Because I didn't find the latest WHM mod_sec version. Regards
  18. keat63

    Comodo, are there any tests

    I installed Comodo Mod Security this morning, and disabled OWASP. When I look at my logs, I usually see some sort of Mod Security entry from OWASP every 15 minutes or so, but I've seen nothing from Comodo in over two hours. Maybe OWASP is overzealous and has many false positives, however, to...
  19. rpvw

    EA4 and Mod Security

    Sorry if I missed something about this - I have spent the morning checking mod-security (I can hear you groan from here !!) and it appears to be working in that: * I can trigger mod sec events, and they are correctly logged in the Apache error log and in the mod sec audit log * Triggered mod...
  20. keat63

    Can I run OWASP with Comodo

    Is it possible to run OWASP and Comodo together? And if so, would this combination give an advantage over OWASP alone or vice versa?