Hi everyone,
2016 and still no fix from cPanel. We need those brute force rules to work with ruid2 because we need the security of ruid2, and we are hosting lots of WordPress sites and we need to protect /wp-login from brute force attacks. We made it work by applying the workaround we found on this forum:
getting permission denied in ModSecurity error_log · Issue #919 · SpiderLabs/ModSecurity · GitHub
The workaround is to change the SecDataDir from /var/cpanel/secdatadir to /var/log/secdatadir and set the right permissions on that directory. The problem is that the SecDataDir directive is set in the modsec2.cpanel.conf file, and that file is overwritten by cPanel every time there is an update or we use the UI to change the config. If we set the SecDataDir in our modsec2.user.conf file, it is ignored because it is overwritten by the cPanel file that is called after it in the modsec2.conf file, and since the calls to the OWASP rules are also in that cPanel file, there is no way to rewrite that directive between the two calls.
cPanel: Is there a way to change a master file somewhere so that when cPanel rewrites the modsec2.cpanel.conf file, you use our SecDataDir, or to have an advanced setting in the UI to set that folder? Or, more drastically, why are you not putting that folder in this location by default with the cPanel install, with the right permissions? What are the security risks of that solution?
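The include-order problem described in the post above can be checked mechanically, for example after a cPanel update has rewritten modsec2.cpanel.conf. The following is an added example, not part of the original post or of cPanel's tooling: `effective_directive` is a hypothetical helper, and the `Include` lines and temporary directory in `demo` are constructed to mirror the order the post describes (user file first, cPanel file second).

```python
import glob
import os
import shlex
import tempfile


def effective_directive(conf_path, name="SecDataDir", server_root="/"):
    """Walk conf_path in include order and return (value, file, line) for the
    last occurrence of `name`, or None if the directive is never set."""
    last = None
    with open(conf_path, encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            try:
                parts = shlex.split(line)
            except ValueError:
                continue  # continuation or unbalanced quote: not a simple directive
            key = parts[0].lower()
            if key in ("include", "includeoptional") and len(parts) > 1:
                # Relative include paths resolve against the server root.
                pattern = os.path.join(server_root, parts[1])
                for child in sorted(glob.glob(pattern)):
                    found = effective_directive(child, name, server_root)
                    if found:
                        last = found
            elif key == name.lower() and len(parts) > 1:
                last = (parts[1], conf_path, lineno)
    return last


def demo():
    """Constructed layout: the user file is included before the cPanel file."""
    root = tempfile.mkdtemp()
    files = {
        "modsec2.conf": 'Include "modsec2.user.conf"\nInclude "modsec2.cpanel.conf"\n',
        "modsec2.user.conf": "SecDataDir /var/log/secdatadir\n",
        "modsec2.cpanel.conf": "SecDataDir /var/cpanel/secdatadir\n",
    }
    for fname, body in files.items():
        with open(os.path.join(root, fname), "w", encoding="utf-8") as fh:
            fh.write(body)
    top = os.path.join(root, "modsec2.conf")
    value, path, lineno = effective_directive(top, server_root=root)
    return value, os.path.basename(path), lineno


if __name__ == "__main__":
    print(demo())
```

Pointed at a real top-level ModSecurity config file, the same function reports which file supplies the SecDataDir that is actually in effect, which makes a silently reverted workaround visible.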