The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disabling modsec2 for a particular folder

Discussion in 'Security' started by sneakyimp, Mar 3, 2010.

  1. sneakyimp

    sneakyimp Member

    Joined:
    Mar 3, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    I have a dedicated server that I manage with WHM/cPanel and I'm having problems with modsec2. In particular, it causes a 500 server error during a legitimate form POST due to this rule:
    Code:
    SecRule ARGS "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" "id:300015,rev:1,severity:2,msg:'Generic SQL injection protection'"
    
    The form in question exists in a folder that is protected by http authentication -- one must authenticate via apache before viewing any of the folder's contents (you know, the whole .htaccess thing).

    I am wondering a few things:
    1) Is it totally unsafe to turn off modsec2 in this particular folder? I'm thinking that the need to auth via apache will keep out any folks who don't know the password, but want to be sure that there isn't some way to circumvent the apache auth.

    2) if I want to disable modsec2 for this particular folder, is it sufficient/acceptable/correct/effective to put this code in the .htaccess file:
    Code:
    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>
    
    If that won't turn it off (or is a bad idea), I would appreciate any alternative suggestions.
    
    
     
  2. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    You cannot by pass the mod security rules from .htaccess in modsecurity2. You will have to require to create global whitelist configuration file to bypass certain rules based on the action.
     
  3. sneakyimp

    sneakyimp Member

    Joined:
    Mar 3, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Thanks so much for your response.

    Could I bypass it from httpd.conf in a <VirtualHost> directive? I expect to be making some changes there anyway so I've been looking into the instructions about where such changes should be made in a WHM/CPanel environment.

    Could you perhaps explain a little more about the whitelist idea you mentioned? I have looked at the docs (or what I think are the docs) and the word 'whitelist' occurs exactly once and is totally unhelpful as it pertains only to whitelisting ARGS.

    I see something interesting on this page, but can't seem to find any documentation on how to structure these things (or where they are permitted).
     
  4. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    <Virtualhost> ....... YES

    You could actually do that from .htaccess as well but may require you to recompile mod_security (which is ridiculously easier than most incidentally)
     
  5. sneakyimp

    sneakyimp Member

    Joined:
    Mar 3, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    recompiling is a no-go. I think I'll be adding some stuff to the virtualhost.

    Any links on 'whitelist' ?
     
  6. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
  7. Secmas

    Secmas Well-Known Member

    Joined:
    Feb 18, 2005
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    An easy way to doing this could be using CMC from ConfigServer ModSecurity Control, CMC is free and is an addon that you can have in your WHM.

    With CMC you can whitelist any of your rules for just one particular account.
     
Loading...

Share This Page