Godaddy shared hosting get blocked out (probably by mod_security) when using some scripts.

SuperBaby

Well-Known Member
Nov 27, 2003
343
0
166
Thailand
cPanel Access Level
Website Owner
Twitter
I have two different file management scripts installed. They are available free from Filegator.com and Nextcloud.com.

When I try to use the search feature in Filegator and to edit a display text in Nextcloud (see screenshots attached), I will be blocked out (most probably by mod_security). When this happens, I have to restart my modem to acquire a new IP address so that I can access the sites again.

mod_security control is NOT available in cPanel interface of Godaddy shared hosting. I have talked to Godaddy support team and it seems that they did not know what was happening and how to help me out.

Is there a way for me to do something. I tried to add this in htaccess file and placed it under the root but it was not working.

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
 

Attachments

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
The pictures of the program's search bars are not really helpful. What is the error you're receiving and/or what is reported in the error logs which can be found in cPanel>>Metrics>>Errors
 

SuperBaby

Well-Known Member
Nov 27, 2003
343
0
166
Thailand
cPanel Access Level
Website Owner
Twitter
I am on Godaddy shared hosting. Unfortunately there is no useful screenshot I can show. Because when the alarm is triggered, there is no error message. The site simply halts.

I have also check the error log and there is nothing recorded.

I tried to disable mod_security in htaccess file but it is not working.
 

ZenHostingTravis

Well-Known Member
PartnerNOC
May 22, 2020
168
55
28
Australia
cPanel Access Level
Root Administrator
It sounds like you're not getting the support you need from the GoDaddy team.

If a rule is being triggered, they should be able to disable it for you or take other action to assist you further.
 

SuperBaby

Well-Known Member
Nov 27, 2003
343
0
166
Thailand
cPanel Access Level
Website Owner
Twitter
It sounds like you're not getting the support you need from the GoDaddy team.

If a rule is being triggered, they should be able to disable it for you or take other action to assist you further.
Yeah... I told Godaddy to whitelist my domain under the mod_security whitelist. They asked me to upgrade to virtual or dedicated server. Well, I have just downgraded from a dedicated server.
 

ZenHostingTravis

Well-Known Member
PartnerNOC
May 22, 2020
168
55
28
Australia
cPanel Access Level
Root Administrator
Yeah... I told Godaddy to whitelist my domain under the mod_security whitelist. They asked me to upgrade to virtual or dedicated server. Well, I have just downgraded from a dedicated server.
It really shouldn't matter if you're on shared hosting or a VPS / dedicated server.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
I'm not sure what they include in their shared plans but cPanel does provide a ModSecurity interface at cPanel>>Security>>ModSecurity where you can disable it for your domains (1 or all) which might help you confirm whether or not it is ModSecurity, that is if they include this interface in the plan.

If they do and you can confirm it works with ModSecurity disabled, GoDaddy does have the ability to look at ModSecurity logs and tell you which rule is being matched and what that rule entails so that you can better manage your site to avoid false positives.
 

SuperBaby

Well-Known Member
Nov 27, 2003
343
0
166
Thailand
cPanel Access Level
Website Owner
Twitter
I'm not sure what they include in their shared plans but cPanel does provide a ModSecurity interface at cPanel>>Security>>ModSecurity where you can disable it for your domains (1 or all) which might help you confirm whether or not it is ModSecurity, that is if they include this interface in the plan.

If they do and you can confirm it works with ModSecurity disabled, GoDaddy does have the ability to look at ModSecurity logs and tell you which rule is being matched and what that rule entails so that you can better manage your site to avoid false positives.
Unfortunately Godaddy has turned it off for shared hosting. I know the existence of this feature as I have managed a dedicated server before.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Unfortunately Godaddy has turned it off for shared hosting. I know the existence of this feature as I have managed a dedicated server before.
Yea and if they are unwilling to provide you the rule that is being matched as well as how it is avoided you're a bit stuck.