Imunify360 changes halt Apache

ttremain

Well-Known Member
Feb 16, 2003
246
2
168
cPanel Access Level
Root Administrator
Mid day, something changed, and Apache failed.

These two rules in /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/004_i360_4_custom.conf seem to be the culprits. I removed them, and Apache would start again. Pretty sure I tried them both individually as well, but things have to happen quickly with production systems are down.

Code:
# DirectoryBruteForce infectors
SecRule REQUEST_FILENAME "@pmFromFile userdata_dirb_URLs.data" "id:77142160,phase:request,deny,log,severity:2,t:urlDecode,t:removeWhitespace,t:lowercase,msg:'IM360 WAF: Infectors. Dirb like fuzzing||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_i360custom',chain"
SecRule TX:RBL_IP "@rbl infectors.v2.rbl.imunify.com." "t:none,chain"
SecRule TX:RBL_IP "[email protected] nxdomain.v2.rbl.imunify.com." "t:none"

# Heuristic: DirectoryBruteForce
SecRule REQUEST_FILENAME "@pmFromFile userdata_dirb_URLs.data" "id:77140739,phase:request,pass,log,severity:5,t:urlDecode,t:removeWhitespace,t:lowercase,msg:'IM360 WAF: Dirb like fuzzing||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_i360custom',tag:'noshow'"
Please advise.