ConfigServer ModSecControl Questions

May 27, 2015
5
1
53
Philippines
cPanel Access Level
Root Administrator
Hi,

I have just submitted a support ticket before I saw this thread. I thought this is related so I'd like to post it here to get an answer.

================
Hi,

For a long time, we have been using CMC on our servers with gotroot rules. In recent cPanel updates, we found that some old configurations for CMC have ceased to work, i.e. the domain-level whitelisting function, which by the way is very handy in a shared hosting environment, in case a certain rule creates a conflict for only one domain and is good to keep active for the rest of the domains.

cPanel does not provide a way to disable cPanel's ModSec Tools (CMT) via WHM and it has to be done manually I believe, which I am not confident about. The existence of CMT creates a conflict with the CMC configuration and results in a lot of invalid errors, i.e. screenshot: prntscr.com/79vntm

Also this

[Wed May 27 16:48:27.224797 2015] [:error] [pid 646798] [client 120.29.65.82] ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied [hostname ""] [uri "/wp-content/plugins/jetpack/modules/wpgroho.js"] [unique_id "VWWE23dRoNwACd6O4T8AAAAE"]

I can't find a conclusive workaround to solve this; even on the forum, other cPanel users are complaining about similar issues:

http://forum.configserver.com/viewtopic.php?f=30&t=8505

Having said this, because of CMC's flexibility and ease of use plus straightforward integration with ConfigServer Exploit Scanner, I am inclined to stick with CMC unless I can get a good explanation about using CMT.

Having said that, what do you suggest?

In case I prefer to stick with CMC, can you share with me a way to disable CMT as if it doesn't exist, so that it does not create conflicts with the CMC configuration and rules?

Thank you very much,

Owen
 
May 27, 2015
5
1
53
Philippines
cPanel Access Level
Root Administrator
Now, concerning CMC features. I'd like to take note of the following.

- CMC allows global or domain-level whitelisting of rules. Screenshot: prntscr.com/79zawc
- Log entries can be expanded in greater depth/detail, which allows quick analysis without having to log in and check logs.
- Seamless integration with ConfigServer Exploit Scanner (a very useful security tool which cPanel does not have yet)
 


cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
Hello,

Please keep in mind that ConfigServer develops these applications. They will need to update their application in order to work with newer versions of cPanel. I suggest continuing to consult with them through their support channels regarding this issue.

Thank you.
 
May 27, 2015
5
1
53
Philippines
cPanel Access Level
Root Administrator
Thank you for the information guys.

I installed the cPanel OWASP rules last night, and this morning we got a bunch of tickets requesting to unblock their IPs because they've been blocked by the firewall due to OWASP false positive triggers.

I wonder if cPanel ran a comprehensive test of these rules on a shared hosting environment. I'm thinking it would be best if cPanel could come up with a whitelisted rule database ideal for shared hosting. It's very tedious to be attending to blocking-related tickets due to false positives.


dalem

Well-Known Member
PartnerNOC
Oct 24, 2003
2,983
159
368
SLC
cPanel Access Level
DataCenter Provider
Run Comodo WAF here, very few false positives.
The OWASP is a third party, use at your own risk, not really cPanel's job to police OWASP.
 
May 27, 2015
5
1
53
Philippines
cPanel Access Level
Root Administrator
Hi Dalem,

Thanks for the update. I'll try COMODO then. Aside from the rules I blocked yesterday, I'm seeing a bunch of other false positives today.

About OWASP and cPanel, I do know that OWASP is independent, but what I'm thinking is that since cPanel has included OWASP as an optional rule vendor by default, it would be great if cPanel could at least maintain a database of rules that aren't ideal on a shared hosting environment so that users like myself will not have to go through a bunch of testing just to know which rules work and which do not. Then, we can simply have all those rules whitelisted or disabled.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
> it would be great if cPanel could at least maintain a database of rules that aren't ideal on a shared hosting environment so that users like myself will not have to go through a bunch of testing just to know which rules work and which do not. Then, we can simply have all those rules whitelisted or disabled.

Hello,

A "Report this hit" option is available on the ModSecurity Tools page when “More” is pulled down. It's important to use this feature if you want to alert the vendor about which rules are not suitable for a shared hosting environment.

Thank you.
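
The triage this thread keeps returning to (which rule hits are false positives worth a per-domain exclusion, and which log lines are engine errors like the DBM "Permission denied" one) can be scripted. The following is an added example, not code from any poster, cPanel or ConfigServer. The sample log, rule ids and hostnames are constructed, and the "hit by at least two distinct clients" threshold is an assumed review heuristic, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in the error_log shape quoted in the thread (Apache 2.4,
# ModSecurity 2.x). IPs, hostnames, rule ids and messages are made up.
SAMPLE_LOG = '''\
[Wed May 27 16:48:27.224797 2015] [:error] [pid 1001] [client 192.0.2.10] ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied [hostname ""] [uri "/a.js"] [unique_id "c0"]
[Wed May 27 16:50:01.000001 2015] [:error] [pid 1001] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). [id "9990001"] [msg "constructed rule A"] [hostname "shop.example.com"] [uri "/search.php"] [unique_id "c1"]
[Wed May 27 16:51:02.000002 2015] [:error] [pid 1002] [client 198.51.100.7:50311] ModSecurity: Access denied with code 403 (phase 2). [id "9990001"] [msg "constructed rule A"] [hostname "shop.example.com"] [uri "/search.php"] [unique_id "c2"]
[Wed May 27 16:52:03.000003 2015] [:error] [pid 1003] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [id "9990002"] [msg "constructed rule B"] [hostname "shop.example.com"] [uri "/login.php"] [unique_id "c3"]
[Wed May 27 16:53:04.000004 2015] [:error] [pid 1003] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [id "9990001"] [msg "constructed rule A"] [hostname "blog.example.net"] [uri "/xmlrpc.php"] [unique_id "c4"]
[Wed May 27 16:53:05.000005 2015] [core:notice] [pid 1] AH00489: Apache configured, resuming normal operations
'''
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] pairs
CLIENT = re.compile(r'\[client (\S+?)(?::\d+)?\]')      # IP with optional :port

def parse_line(line):
    """Return a field dict for a ModSecurity line, or None for anything else."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    m = CLIENT.search(line)
    fields["client"] = m.group(1) if m else ""
    fields["text"] = line.split("ModSecurity:", 1)[1].split(" [", 1)[0].strip()
    return fields

def triage(log_text, min_clients=2):
    """Split rule hits from engine errors; flag (host, rule) pairs hit by many clients."""
    hits, operational = defaultdict(set), []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        if "id" in f:    # a rule fired
            hits[(f.get("hostname", ""), f["id"])].add(f["client"])
        else:            # no rule id: engine error such as the DBM one
            operational.append(f["text"])
    review = sorted(k for k, clients in hits.items() if len(clients) >= min_clients)
    return review, operational

def per_domain_exclusions(review):
    """Render one SecRuleRemoveById line per hostname for that vhost's include."""
    by_host = defaultdict(list)
    for host, rule_id in review:
        by_host[host].append(rule_id)
    return {h: "SecRuleRemoveById " + " ".join(ids) for h, ids in by_host.items()}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), per_domain_exclusions(triage(SAMPLE_LOG)[0]))
```

Each flagged pair still needs a human look at the matched request before the `SecRuleRemoveById` line goes into that domain's virtual host configuration; lines reported as operational point at a server-side problem such as file permissions, not at a rule to exclude.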