Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Mod_sec Rules

Discussion in 'Security' started by kjlord, Jul 23, 2013.

  1. kjlord

    kjlord Member

    Joined:
    Feb 8, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    Hello,

    Please give me mod_sec rules details i.e like how to create our own global rules to disable/restricting few files and folders access.
    If there is any other way to do this, suppose we need to disable folder like, hacked./ or any word start/ends with hacked should be disabled or it shall not be access via http.


    Regard
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,878
    Likes Received:
    89
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    You can browse to the following option if you are seeking a visual interface to add/modify rules:

    "WHM Main >> Plugins >> Mod Security"

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    88
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    If you want to make your own rules, I recommend the reference manual:

    https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual

    Something like this would deny web access to anything with the word 'hacked' after the domain name. This is an overly broad rule and I don't recommend its use, only as an example:

    SecRule REQUEST_URI "hacked" "t:lowercase,id:12345"
     
  5. kjlord

    kjlord Member

    Joined:
    Feb 8, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    Hello,

    Thanks.. :)
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice