Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod_sec Rules

Discussion in 'Security' started by kjlord, Jul 23, 2013.

  1. kjlord

    kjlord Member

    Joined:
    Feb 8, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    Hello,

    Please give me mod_sec rules details i.e like how to create our own global rules to disable/restricting few files and folders access.
    If there is any other way to do this, suppose we need to disable folder like, hacked./ or any word start/ends with hacked should be disabled or it shall not be access via http.


    Regard
     
    #1 kjlord, Jul 23, 2013
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,722
    Likes Received:
    77
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    #2 24x7server, Jul 23, 2013
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can browse to the following option if you are seeking a visual interface to add/modify rules:

    "WHM Main >> Plugins >> Mod Security"

    Thank you.
     
    #3 cPanelMichael, Jul 24, 2013
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    If you want to make your own rules, I recommend the reference manual:

    https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual

    Something like this would deny web access to anything with the word 'hacked' after the domain name. This is an overly broad rule and I don't recommend its use, only as an example:

    SecRule REQUEST_URI "hacked" "t:lowercase,id:12345"
     
    #4 quizknows, Jul 24, 2013
  5. kjlord

    kjlord Member

    Joined:
    Feb 8, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    Hello,

    Thanks.. :)
     
    #5 kjlord, Jul 24, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - Mod_sec Rules
  1. electric

    Let customers view and whitelist mod_security rules?

    electric, Aug 26, 2017, in forum: Security
    Replies:
    2
    Views:
    461
    cPanelMichael
    Aug 28, 2017
  2. caisc

    Mod_security rules to prevent spam registrations and comments on wordpress sites

    caisc, Feb 7, 2017, in forum: Security
    Replies:
    12
    Views:
    1,473
    caisc
    Feb 10, 2017
  3. rs-freddo

    New Mod_Security Ruleset after EA4 upgrade

    rs-freddo, Dec 25, 2016, in forum: EasyApache
    Replies:
    1
    Views:
    556
    cPanelMichael
    Jan 5, 2017
  4. Bdzzld

    Older mod_security ruleset still active

    Bdzzld, May 3, 2016, in forum: Security
    Replies:
    3
    Views:
    610
    Bdzzld
    May 5, 2016
  5. jeffschips

    mod_sec with httpd-guardian

    jeffschips, Mar 29, 2018, in forum: Security
    Replies:
    5
    Views:
    100
    cPanelMichael
    Apr 3, 2018

Share This Page