The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod secuirty whitelist?

Discussion in 'Security' started by icandoit, Dec 5, 2012.

  1. icandoit

    icandoit Well-Known Member

    Joined:
    Dec 21, 2010
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Mod security logs says"


    Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "61"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"]

    How to whitelist this?
     
  2. Astral God

    Astral God Well-Known Member

    Joined:
    Sep 27, 2010
    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    127.0.0.1
    cPanel Access Level:
    Root Administrator
    Install ConfigServer CMC.
     
  3. icandoit

    icandoit Well-Known Member

    Joined:
    Dec 21, 2010
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    so I go to CMC / in the box that says * mod_security rule ID list" I add 990011 and save global whitelist ?
     
  4. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    253
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yes. Or you can choose a domain from the list and disable the rule only for that domain.
     
  5. Thijssss

    Thijssss Member

    Joined:
    Nov 20, 2012
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Just include your own custom conf file (for example, modsecurity_15_custom.conf, I believe the 15 is relevant to the order of processing). I have rules in there for example like:

    Code:
    SecRule REQUEST_HEADERS:Host "^(.*).domain.com$" "phase:1,t:none,nolog,pass,ctl:ruleRemoveById=981257"
    See sites like SourceForge.net: Reference Manual - mod-security for more information and options.
     
Loading...

Share This Page