The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disable Mod Security for one domain

Discussion in 'Security' started by sahostking, Apr 21, 2014.

  1. sahostking

    sahostking Well-Known Member

    Joined:
    May 15, 2012
    Messages:
    300
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Cape Town, South Africa
    cPanel Access Level:
    Root Administrator
    Hi,

    I've been trying to assist a client who has been getting error 406 Not acceptable.
    It seems when disabling Mod security on his local machine it works fine but on our live server he gets this message.

    I tried the following:

    Created a directory:

    mkdir -p /usr/local/apache/conf/userdata/std/2/username/domain.com

    Then created a file:

    touch /usr/local/apache/conf/userdata/std/2/username/domain.com/mod_security.conf

    In that file I added:

    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>


    I then ran:

    /scripts/verify_vhost_includes
    /scripts/ensure_vhost_includes --user=username
    /scripts/rebuildhttpdconf
    /etc/init.d/httpd restart


    To disable mod security for his domain but with no luck. Not sure why.
    Using Apache 2.4.9 with PHP5.4
    Cloudlinux, CageFS
    ModSecurity2 with Atomic ruleset

    Any ideas? Obviously cannot turn it off to please 1 client as we host 1000s of sites. But we like to treat each client as our only one :)
     
    #1 sahostking, Apr 21, 2014
    Last edited: Apr 21, 2014
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    Can you make sure the include is set up in the user's vhost? The later commands you run should have done this, and your usage of the include is indeed correct. So perhaps the include just isn't, you know, included. In the user's vhost block, you should see something like this:


    Code:
    Include "/usr/local/apache/conf/userdata/std/2/$user/*.conf"
    

    Also, just checking, but how are you concluding the modsec is NOT disabled? Are you getting errors, log hits, etc?
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,480
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  4. sahostking

    sahostking Well-Known Member

    Joined:
    May 15, 2012
    Messages:
    300
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Cape Town, South Africa
    cPanel Access Level:
    Root Administrator
    yes shows in logs and website still gives a 406 error. We also always had that addon installed and doesnt help.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you elaborate on how it does not help? For instance, have you tried disabling Mod_Security through that addon's native options? Also, what is the exact 406 error message you receive?

    Thanks.
     
  6. sahostking

    sahostking Well-Known Member

    Joined:
    May 15, 2012
    Messages:
    300
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Cape Town, South Africa
    cPanel Access Level:
    Root Administrator
    It does not disable. We still see errors about Mod Security. Yes we have tried disabling it with the options of Config Modsec Control aswell as doing the include trick in httpd.conf which also does nothing. We also now reran upcp --force with same result. Very strange

    Code:
    --98802e25-B--
    POST /admin/structure/views/view/display_products/preview/page/ajax HTTP/1.1
    Host: domain
    Connection: keep-alive
    Content-Length: 12179
    Cache-Control: max-age=0
    Accept: application/json, text/javascript, */*; q=0.01
    Origin: http://domain
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36
    Content-Type: application/x-www-form-urlencoded
    Referer: http://domain/admin/structure/views/..._products/edit
    Accept-Encoding: gzip,deflate,sdch
    Accept-Language: en-US,en;q=0.8,es;q=0.6
    Cookie: SESS81fa2355b02c295c877cc89c84c9ea08=_QfHj0iPNidELLR3YgsIuDvHItYI_kZF94BDYLiKW6gR9KYDGNzpd7L5HSZ3cef4SNX_PD0s8IUboFCR1iBl2w..; Drupal.toolbar.collapsed=0; has_js=1
    
    --98802e25-F--
    HTTP/1.1 406 Not Acceptable
    Vary: User-Agent
    Content-Length: 0
    Keep-Alive: timeout=2, max=86
    Connection: Keep-Alive
    Content-Type: text/html
    
    --98802e25-H--
    Stopwatch: 1398426829207293 1109584 (- - -)
    Stopwatch2: 1398426829207293 1109584; combined=16, p1=0, p2=0, p3=0, p4=0, p5=15, sr=0, sw=1, l=0, gc=0
    Producer: ModSecurity for Apache/2.7.7 (ModSecurity: Open Source Web Application Firewall).
    Server: Apache 
     
    #6 sahostking, Apr 25, 2014
    Last edited: Apr 25, 2014
  7. sahostking

    sahostking Well-Known Member

    Joined:
    May 15, 2012
    Messages:
    300
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Cape Town, South Africa
    cPanel Access Level:
    Root Administrator
    After tons of troubleshooting and trying different methods, we tried something simple.

    Wait for it........

    Remove the customer out of CageFS as we use Cloudlinux.

    Amazingly it worked. :)

    Finally. Yippeee
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  9. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider

    You may want to report this to CL as a bug. I don't see why CageFS has any valid reason to interfere with Apache configs in this fashion.
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I noticed a thread was opened for the issue here:

    CageFS and ModSecurity 406 Error

    Feel free to submit a ticket directly to Cloud Linux through their help desk if you would like additional assistance.

    Thank you.
     
Loading...

Share This Page