Change to OFF the ModSecurity on by default in new sites

Facundo · Sep 18, 2015

Hello!
I want to change by default that all new sites, domains or subdomains created in WHM/cPanel start with Mod Security ON, to OFF.
I don't want to disable ModSecurity from the server, just to that new function start disabled, and then if the user like, they can enabled in their cPanel

As an extra, i want to know how to disable ModSecurity by command line, SQL or whatever for a single user/account.

Thanks,
Facundo

cPanelMichael · Sep 21, 2015

Hello

I believe the functionality you are looking for is available in the following third-party plugin from ConfigServer:

http://www.configserver.com/cp/cmc.html

Thank you.

Facundo · Sep 21, 2015

Thank you Michael, i don't know that plugin.
Anyway, my problem continues... i need to manualy disable a lot of domains (3/4 clicks for each account!) and all new ones. Nobody know how can i do this in an efficient way?

cPanelMichael · Sep 21, 2015

There are no native options that allow you to disable Mod_Security for all domain names at once. The manual method of doing this is by modifying the Apache include file for each domain name. The plugin referenced in my last response is likely the easiest way to do this:

http://www.configserver.com/cp/cmc.html

Thank you.

Facundo · Sep 21, 2015

If ther isnt' a native option, i want to make it for my own... please help me with this:
From where (or where is stored) the cPanel take the information for know if the ModSecurity is on or off? Because if i edit the httpd.conf, cPanel ¿database? don't know the changes

May be with that, i can create a custom (beggining) template for all new domains or sub-domains to start with ModSec OFF

cPanelMichael · Sep 22, 2015

Facundo said:
From where (or where is stored) the cPanel take the information for know if the ModSecurity is on or off? Because if i edit the httpd.conf, cPanel ¿database? don't know the changes

Here are the steps you can take to disable Mod_Security for an individual account through the command line:

1. Create a directory for the domain you want to exclude:

Code:

mkdir -p /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.TLD

2. Create a mod_security conf file:

Code:

touch /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.TLD/mod_security.conf

3. Add the following line in that file:

Code:

SecRuleEngine Off

4. Save the file and then run:

Code:

/scripts/ensure_vhost_includes --user=USERNAME

Thank you.

Facundo · Sep 22, 2015

Great advance, thans a lot!

I can resolve part of my problems with a customization that not will not reflected in cPanels, but is almost something

Thread starter	Similar threads	Forum	Replies	Date
H	Users are allowed to change to any account	Security	8	Aug 23, 2023
C	Root email changed and cannot have access via WHM	Security	3	Aug 9, 2023
N	malicious attacks that changed my cpanel password	Security	3	Jul 27, 2023
M	ibtmp1 file rapid change is size	Security	2	Oct 21, 2022
K	SSL/TLS Weak Key Exchange Supported?	Security	6	Sep 6, 2022

Search

Search

Change to OFF the ModSecurity on by default in new sites

Facundo

Member

cPanelMichael

Administrator

Facundo

Member

cPanelMichael

Administrator

Facundo

Member

cPanelMichael

Administrator

Facundo

Member