Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Let customers view and whitelist mod_security rules?

Discussion in 'Security' started by electric, Aug 26, 2017.

Tags:
  1. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    719
    Likes Received:
    3
    Trophy Points:
    318
    I see that cpanel now offers a ModSecurity feature in the end-user cpanel, so they can enable/disable mod_security on their account.

    Is it possible for the customer to see a list of "hits" that the modsecurity system has had for their website? And is it also possible for the customer to whitelist a rule that is a false-positive?

    We're getting quite a few customers who have problems with mod_security, and we often have to whitelist rules for them, etc.. It would be nice if we could point them to this area of their cpanel and they can see the hits and whitelist specific rules for themselves.

    Otherwise, what we are finding is that some customers simply disable mod_security completely in their cpanel, and that leaves their website vulnerable to everything.. when in fact they only want to whitelist one rule that is having false positive.

    Thanks!
     
    cPanelMichael and quizknows like this.
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    983
    Likes Received:
    76
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    My primary complaint when the user manager was launched was the fact that the only feature is to disable entirely.

    It would be nice to see at least users able to just whitelist specific rule IDs even if it's not scoped to location.

    I'd also think for the most part since cP already parses hits into a database, showing users hits for their own domains should be a pretty simple task as well.
     
    cPanelMichael likes this.
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page