I see that cpanel now offers a ModSecurity feature in the end-user cpanel, so they can enable/disable mod_security on their account.
Is it possible for the customer to see a list of "hits" that the modsecurity system has had for their website? And is it also possible for the customer to whitelist a rule that is a false-positive?
We're getting quite a few customers who have problems with mod_security, and we often have to whitelist rules for them, etc.. It would be nice if we could point them to this area of their cpanel and they can see the hits and whitelist specific rules for themselves.
Otherwise, what we are finding is that some customers simply disable mod_security completely in their cpanel, and that leaves their website vulnerable to everything.. when in fact they only want to whitelist one rule that is having false positive.
Thanks!
Is it possible for the customer to see a list of "hits" that the modsecurity system has had for their website? And is it also possible for the customer to whitelist a rule that is a false-positive?
We're getting quite a few customers who have problems with mod_security, and we often have to whitelist rules for them, etc.. It would be nice if we could point them to this area of their cpanel and they can see the hits and whitelist specific rules for themselves.
Otherwise, what we are finding is that some customers simply disable mod_security completely in their cpanel, and that leaves their website vulnerable to everything.. when in fact they only want to whitelist one rule that is having false positive.
Thanks!