Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Mod_sec Rules

Discussion in 'Security' started by kjlord, Jul 23, 2013.

  1. kjlord

    kjlord Member

    Joined:
    Feb 8, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    Hello,

    Please give me mod_sec rules details i.e like how to create our own global rules to disable/restricting few files and folders access.
    If there is any other way to do this, suppose we need to disable folder like, hacked./ or any word start/ends with hacked should be disabled or it shall not be access via http.


    Regard
     
    #1 kjlord, Jul 23, 2013
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,878
    Likes Received:
    89
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 24x7server, Jul 23, 2013
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    You can browse to the following option if you are seeking a visual interface to add/modify rules:

    "WHM Main >> Plugins >> Mod Security"

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPanelMichael, Jul 24, 2013
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    88
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    If you want to make your own rules, I recommend the reference manual:

    https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual

    Something like this would deny web access to anything with the word 'hacked' after the domain name. This is an overly broad rule and I don't recommend its use, only as an example:

    SecRule REQUEST_URI "hacked" "t:lowercase,id:12345"
     
    #4 quizknows, Jul 24, 2013
  5. kjlord

    kjlord Member

    Joined:
    Feb 8, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    Hello,

    Thanks.. :)
     
    #5 kjlord, Jul 24, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - Mod_sec Rules
  1. electric

    Let customers view and whitelist mod_security rules?

    electric, Aug 26, 2017, in forum: Security
    Replies:
    2
    Views:
    615
    cPanelMichael
    Aug 28, 2017
  2. caisc

    Mod_security rules to prevent spam registrations and comments on wordpress sites

    caisc, Feb 7, 2017, in forum: Security
    Replies:
    12
    Views:
    1,977
    caisc
    Feb 10, 2017
  3. rs-freddo

    New Mod_Security Ruleset after EA4 upgrade

    rs-freddo, Dec 25, 2016, in forum: EasyApache
    Replies:
    1
    Views:
    664
    cPanelMichael
    Jan 5, 2017
  4. subtopic

    OWASP mod_security breaking Wordpress page save

    subtopic, Sep 18, 2018, in forum: Security
    Replies:
    4
    Views:
    135
    subtopic
    Sep 20, 2018
  5. subtopic

    OWASP mod_security to help /tmp execution

    subtopic, Sep 18, 2018, in forum: Security
    Replies:
    1
    Views:
    72
    cPanelLauren
    Sep 19, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice