The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Custom mod_security rules disappear

Discussion in 'Security' started by spry_jdk, Apr 23, 2015.

  1. spry_jdk

    spry_jdk Registered

    Joined:
    Jan 2, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    I have created 2 custom mod_security rules to whitelist specific IP addresses. I am doing this through the ModSecurity Tools -> Rules List -> Add Rule interface in WHM.

    On at least two separate occasions, these custom rules have disappeared. The last incident happened today. I just happened to check on them yesterday (because I was looking up the syntax for the rule), and they were there, so I am certain that this is actually occurring and not just a fluke.

    I have the OSWAP Core Ruleset enabled. I am wondering if they get wiped out when the ruleset is updated.

    1. Is there a way to prevent my custom rules from being deleted?
    2. If not, is there a way to get notified when the ruleset is updated so I can reapply my custom rules?

    Thanks,
    Julia
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Julia,

    The add rules interface in WHM will add the rules to /usr/local/apache/conf/modsec2.user.conf. Some hosting providers manage this file for you, so you should check in the file /usr/local/apache/conf/modsec2.user.conf to see if there is any information in there. The owasp ruleset does get updated by cPanel so if you added custom rules to the actual OWASP rules files you should expect them to disappear.

    Worst case you could use a file like /usr/local/apache/conf/includes/post_virtualhost_global.conf but this shouldn't be necessary.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  4. spry_jdk

    spry_jdk Registered

    Joined:
    Jan 2, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Thank you, both. I see my custom rules at the bottom of /usr/local/apache/conf/modsec2.user.conf now, so the process of adding it via the WHM UI is not the issue.

    At the top of this file, it says the following:
    ## DO NOT MAKE DIRECT MODIFICATIONS TO THIS FILE.
    # Changes to this file may be over-written by future upgrades to mod_security rules.
    # If you need to whitelist rules, please use /usr/local/apache/conf/modsec2/whitelist.conf

    The comments appear to be from my hosting provider, so I take it to mean that they are managing mod_security rules for me in a way that isn't compatible with the current functionality provided by WHM. I'll contact them to resolve the issue.

    Thanks,
    Julia


     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page