AppConfig and Mod Security

BillyS

Well-Known Member
Mar 22, 2013
62
4
58
cPanel Access Level
Root Administrator
When working in WHM, in Home > Server Configuration > Tweak settings, if I set:

Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM

To Off (since I'm assuming this is a more secure setting and the reason the feature was added...)

The Mod Security Add On Provides the following error:

HTTP error 401

cgi/addon_modsec.cgi

WHM is configured to disallow execution of unregistered applications when logged in as root or a reseller with the "all" ACL.

To enable this functionality you must do one of the following: Register this addon using /usr/local/cpanel/bin/register_appconfig (AppConfig), Enable the "Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM" option in "Tweak Settings", or add permit_unregistered_apps_as_root=1 to /var/cpanel/cpanel.config, and run /usr/local/cpanel/etc/init/startcpsrvd
I'm not sure if the above really means Mod Security was turned off or it just wasn't accessable to me. I had just run EasyApache, so the Mod Security log was empty when I noticed the problem.

Is the above telling me the solution is as easy as running?:

Code:
/usr/local/cpanel/bin/register_appconfig /cgi/addon_modsec.cgi
Bill
 

Daky

Well-Known Member
May 22, 2005
56
0
156
I would like to know how to register this as well.


HTTP error 401
cgi/addon_modsec.cgi

WHM is configured to disallow execution of unregistered applications when logged in as root or a reseller with the "all" ACL. To enable this functionality you must do one of the following: Register this addon using /usr/local/cpanel/bin/register_appconfig (AppConfig), Enable the "Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM" option in "Tweak Settings", or add permit_unregistered_apps_as_root=1 to /var/cpanel/cpanel.config, and run /usr/local/cpanel/etc/init/startcpsrvd


Please advise!
 

quietFinn

Well-Known Member
Feb 4, 2006
2,040
551
493
Finland
cPanel Access Level
Root Administrator
I'm not sure if the above really means Mod Security was turned off or it just wasn't accessable to me.
ModSecurity was not turned off, but you could not access addon_modsec.


Is the above telling me the solution is as easy as running?:

Code:
/usr/local/cpanel/bin/register_appconfig /cgi/addon_modsec.cgi
No, to register it you need a config file, see here:
AppConfig
 

BillyS

Well-Known Member
Mar 22, 2013
62
4
58
cPanel Access Level
Root Administrator
quietFinn -

That's where I was looking... I'm on 11.38.1+, so I'm looking at these instructions:

Once 11.38.1+ is available, you should refrain from installing your app config manually. You should use the new tools available:

/usr/local/cpanel/bin/register_appconfig <appconfig_file>


That's why I was suggestion this:
Code:
/usr/local/cpanel/bin/register_appconfig /cgi/addon_modsec.cgi
 

quietFinn

Well-Known Member
Feb 4, 2006
2,040
551
493
Finland
cPanel Access Level
Root Administrator
/usr/local/cpanel/bin/register_appconfig <appconfig_file>
<appconfig_file> is the configuration file for the application you are registering.
 

quietFinn

Well-Known Member
Feb 4, 2006
2,040
551
493
Finland
cPanel Access Level
Root Administrator
and what would be the conf file for this application?
This should work, file addon_modsec.conf in /var/cpanel/apps:
Code:
# name
name=addon_modsec

# Service that will serve this app
service=whostmgr
 
# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/cgi/addon_modsec.cgi
 
# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=addon_modsec
then just run:
Code:
/usr/local/cpanel/bin/register_appconfig addon_modsec.conf
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,268
463
Yes, the example in the previous post will register the Mod_Security plugin with AppConfig. I tested this on a server and confirmed it works as expected. To note, there is an internal case open to address the AppConfig registration of plugins that are distributed with cPanel/WHM. For reference, the case number is 72993. It's not yet been determined if any changes in the behavior will be implemented.

Thank you.
 

Daky

Well-Known Member
May 22, 2005
56
0
156
This should work, file addon_modsec.conf in /var/cpanel/apps:
Code:
# name
name=addon_modsec

# Service that will serve this app
service=whostmgr
 
# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/cgi/addon_modsec.cgi
 
# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=addon_modsec
then just run:
Code:
/usr/local/cpanel/bin/register_appconfig addon_modsec.conf
Thank you!

That worked.

I am having issue with clamv as well.

cgi/addon_clamavconnector.cgi

WHM is configured to disallow execution of unregistered applications when logged in as root or a reseller with the "all" ACL. To enable this functionality you must do one of the following: Register this addon using /usr/local/cpanel/bin/register_appconfig (AppConfig), Enable the "Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM" option in "Tweak Settings", or add permit_unregistered_apps_as_root=1 to /var/cpanel/cpanel.config, and run /usr/local/cpanel/etc/init/startcpsrvd

Could you PLEASE help with this one?

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,268
463
You should be able to use the same method for registering the ClamAV plugin that was used for Mod_Security. Simply update the file names to match the ClamAV plugin.

Thank you.
 

SuperBaby

Well-Known Member
Nov 27, 2003
345
1
166
Thailand
cPanel Access Level
Website Owner
Twitter
This should work, file addon_modsec.conf in /var/cpanel/apps:
Code:
# name
name=addon_modsec

# Service that will serve this app
service=whostmgr
 
# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/cgi/addon_modsec.cgi
 
# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=addon_modsec
then just run:
Code:
/usr/local/cpanel/bin/register_appconfig addon_modsec.conf
This solves the problem. Thanks.
 

Secmas

Well-Known Member
Feb 18, 2005
391
21
168
Hello QuietFinn,
I am trying to create an addon_rvsitebuilder.conf with the following commands in the file:
# name
name=rvsitebuilder

# Service that will serve this app
service=whostmgr

# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/cgi/addon_rvsitebuilder.cgi

# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=RVSiteBuilder

# Url to show in the service ui (relative to install path for whm this is cgi/)
entryurl=rvsitebuilder/index.php
But now it shows:
HTTP error 401
cgi/rvsitebuilder/index.php

What I have missed here?

Thanks in advance for your help.

Regards,

Sergio
 

quietFinn

Well-Known Member
Feb 4, 2006
2,040
551
493
Finland
cPanel Access Level
Root Administrator
You have the line:
entryurl=rvsitebuilder/index.php
Is that correct?

entryurl is optional key so you could try without it.
 

Secmas

Well-Known Member
Feb 18, 2005
391
21
168
Hello QuietFinn,
finally I managed to set the correct conf file for RVSBuilder, just in case someone needs it:

# name
name=rvsitebuilder

# Service that will serve this app
service=whostmgr

# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/cgi/addon_rvsitebuilder.cgi
url2=/cgi/rvsitebuilder/setup.php
url3=/cgi/rvsitebuilder/index.php
url4=/cgi/rvsitebuilder/optimizer.php
url5=/cgi/rvsitebuilder/themes/default/sitebuilder/css/style.php
url6=/cgi/rvsitebuilder/themes/default_admin/sitebuilder/css/style.php
url7=/cgi/rvsitebuilderinstaller/index.php
url8=/cgi/rvsitebuilderinstaller/templates/installer.php
url9=/cgi/rvsitebuilder/themes/default/css/installer.php

# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=RVSiteBuilder
Thanks to the RVSB team for giving me all the URLs needed for this to work.

Sergio
 
Last edited:

Secmas

Well-Known Member
Feb 18, 2005
391
21
168
Just in case someone needs the conf file for RVSKIN, here are the commands:

# name
name=rvskin

# Service that will serve this app
service=whostmgr

# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/cgi/rvskinmanager/index.cgi
url2=/cgi/rvskinmanager/Rvbranding.cgi
url3=/cgi/rvskinmanager/rvDisableCpanelpackageFeatures.cgi
url4=/cgi/rvskinmanager/rvMainFtp.cgi
url5=/cgi/rvskinmanager/rvskinclearcache.cgi
url6=/cgi/rvskinmanager/Rvskinmanager.cgi
url7=/cgi/rvskinmanager/rvskinnewsmysql.cgi
url8=/cgi/addon_rvskinmanager.cgi

# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=RVSkin
Thanks to the RVSB team for giving me all the URLs needed for this to work.

Now I just need the Fantastico commands...

Sergio
 

yamaharr1

Well-Known Member
Jun 22, 2007
94
2
58
When I try to run

Code:
/usr/local/cpanel/bin/register_appconfig addon_modsec.conf
I get
The 'conf_file' must be readable and a plain file.
Anyone else getting this?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,268
463
Have you created the addon_modsec.conf file in the /var/cpanel/apps directory?

Thank you.