The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disabling mod_sec on a virtual host

Discussion in 'Security' started by schwim, Apr 9, 2010.

  1. schwim

    schwim Well-Known Member

    Joined:
    Aug 2, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Hi there everyone,

    I've recently moved a cms from one host(a dedicated server on GoDaddy) to another (virtual ded through InMotion). Since the move, frustrated visitors have begun finding ways to contact me to let me know that they are no longer able to get to the site. Some have found workarounds by using particular links from other sites. Some of the errors they have provided me leads me to believe they're being stopped by mod_security. I've googled and found the following code:

    Code:
    IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>
    
    but the links I'm finding tell the poser to put it in an account's virtual directory, which I'm having problems finding information on.

    Can I just place this in the root htaccess or do I need to place it elsewhere?

    thanks for your time,
    json
     
  2. cPanelJamyn

    cPanelJamyn Social Engineer
    Staff Member

    Joined:
    Jan 29, 2009
    Messages:
    105
    Likes Received:
    2
    Trophy Points:
    0
    Hi,

    Although you were able to use public_html/.htaccess to disable mod_security (v2), with mod_security2, you can no longer do this by default as the developers of that product consider it to be a potential security risk.

    Rather than completely disabling mod_security for your account, your host should be able to review their /usr/local/apache/logs/error_log for any mod_security hits against your account, and then determine which rule may be triggering the problem.

    If they are unable to modify the rule to stop the false positives for some reason, they can instead set an exemption for you on a per-virtualhost or per-user basis. The documentation for that route is available on docs.cpanelnet, at EasyApache3>EasyApache>CustomDirectivesEditAttach. Otherwise, your IfModule directive looks ok (although it's missing it's leading <): Ex:

    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>

    Let me know if you need any clarification. Thanks!
     
  3. Beansprout

    Beansprout Active Member

    Joined:
    Sep 12, 2005
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Indeed, great new tool by chirpy.
     
  5. schwim

    schwim Well-Known Member

    Joined:
    Aug 2, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Hi there everyone,

    The host disabled mod_sec for me so I contacted some of the people that had reported problems. Three have responded. Two state that they can see the site just fine, while one is still receiving an error, that being:

    :(

    If it's not mod_sec, what else could be causing an error of this type? I'm not sure what else to try and searches come up with ancient threads dealing with IE 5 and 6. To make sure that we weren't dealing with that, I had him visit a site to provide me his user-agent(he's using IE 8). The other thing I tried was to ask him to visit it through a proxy. When he does that, he's able to see the site.

    Any ideas would be welcome.

    thanks,
    json
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Not sure how helpful this might be, but if you want, send me a PM with a link to the site. (or post it here if you like)
     
  7. schwim

    schwim Well-Known Member

    Joined:
    Aug 2, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Hey there info,

    The site in question is Unofficial Husaberg - Welcome! . Let me know if there's anything else I might be able to provide.

    thanks,
    json
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I don't see anything that might be an issue on the site. Having modsecurity enabled is surely better than disabled, you'll need to watch the logs closely to help track the problem.

    Has the user that's still having problems, tried another browser?

    Anything special in your htaccess that might be causing this?
     
Loading...

Share This Page