Let customers view and whitelist mod_security rules?

electric

Well-Known Member
Nov 5, 2001
789
10
318
I see that cpanel now offers a ModSecurity feature in the end-user cpanel, so they can enable/disable mod_security on their account.

Is it possible for the customer to see a list of "hits" that the modsecurity system has had for their website? And is it also possible for the customer to whitelist a rule that is a false-positive?

We're getting quite a few customers who have problems with mod_security, and we often have to whitelist rules for them, etc.. It would be nice if we could point them to this area of their cpanel and they can see the hits and whitelist specific rules for themselves.

Otherwise, what we are finding is that some customers simply disable mod_security completely in their cpanel, and that leaves their website vulnerable to everything.. when in fact they only want to whitelist one rule that is having false positive.

Thanks!
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
My primary complaint when the user manager was launched was the fact that the only feature is to disable entirely.

It would be nice to see at least users able to just whitelist specific rule IDs even if it's not scoped to location.

I'd also think for the most part since cP already parses hits into a database, showing users hits for their own domains should be a pretty simple task as well.
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,229
463
  • Like
Reactions: quizknows