The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod Security

Discussion in 'Security' started by aaronkolodjski, Dec 18, 2009.

  1. aaronkolodjski

    Joined:
    Oct 23, 2009
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Does Mod Security plugin block bots like msn and google, i installed with the default config in whm and received this:

    65.55.106.112 Access denied with code 501 (phase 2). Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "38"] [id "960032"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [tag "POLICY/METHOD_NOT_ALLOWED"]

    That ip is msn bot?

    Just woundering if it blocks some of these bots, and if so a link to a ruleset that dont?

    Aaron
     
  2. aaronkolodjski

    Joined:
    Oct 23, 2009
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I found a solution to whitelist ips if anybody wants to try this. Keep in mind im not a pro, but found this to work for me. and after doing it msn was able to bot my page :)

    At the very top of your config file in whm for mod security put:

    SecRule REMOTE_ADDR "@pmFromFile /pathto/your/whitlist.txt" "nolog,phase:1,allow"

    Then drop your ips in the whitelist.txt

    restart apache :)

    Works great for me, if thats not the correct way to do this please point out another way with any suggestions, thanx
     
  3. aaronkolodjski

    Joined:
    Oct 23, 2009
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Also in your whitelist.txt file with your ips if you wanna open up a range of ips

    just drop the end off the ip like

    192.1.168.


    Found this to work as well
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,470
    Likes Received:
    198
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  5. aaronkolodjski

    Joined:
    Oct 23, 2009
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    re

    nice tool, but how to you put the ips in. I installed to try it out and it says id number?
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,470
    Likes Received:
    198
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you look at the image at the link I posted above, you see near bottom a list of files you can edit. Note the one named whitelist. You may not have one here named that, but you can add them.
     
  7. aaronkolodjski

    Joined:
    Oct 23, 2009
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    re

    I think the only downside to that is that it removes rules for a domain name. I was looking for something to whitelist ips keeping the rules for the whole server and white listing ips for the whole server to gain normal access with no restrictions.

    Leaving one domain open is like leaving the whole server open in my mind. If this tool does do what i am looking for please correct me.

    Thanks for your help.

    Aaron
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,470
    Likes Received:
    198
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    For a domain, or the entire server depending on how you use it, yes that's correct you can use it to easily remove a single (or more) rule that's causing problems. If it's only causing problems on one account and no others then removing it for one domain can come in handy.

    As already mentioned, the added rulesets (mentioned at the link above and all over these forums) offer far more protection to the basic rules cPanel gets you started with when you install modsecurity.

    Once you've added those additional rules you'll have far more control over things, directly from this GUI. Including the option to add an IP or domain to the appropriate file to "whitelist" it as you are seeking to do.

    You might want to read up on this forum and other places to understand it all a bit more. Here's one such thread that might be helpful to get you in the right direction I think.
    http://forums.cpanel.net/f34/mod-security-136849.html
     
Loading...

Share This Page