Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Mod_sec Rules

Discussion in 'Security' started by kjlord, Jul 23, 2013.

  1. kjlord

    kjlord Member

    Joined:
    Feb 8, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    Hello,

    Please give me mod_sec rules details i.e like how to create our own global rules to disable/restricting few files and folders access.
    If there is any other way to do this, suppose we need to disable folder like, hacked./ or any word start/ends with hacked should be disabled or it shall not be access via http.


    Regard
     
    #1 kjlord, Jul 23, 2013
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,789
    Likes Received:
    83
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 24x7server, Jul 23, 2013
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,791
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can browse to the following option if you are seeking a visual interface to add/modify rules:

    "WHM Main >> Plugins >> Mod Security"

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPanelMichael, Jul 24, 2013
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    If you want to make your own rules, I recommend the reference manual:

    https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual

    Something like this would deny web access to anything with the word 'hacked' after the domain name. This is an overly broad rule and I don't recommend its use, only as an example:

    SecRule REQUEST_URI "hacked" "t:lowercase,id:12345"
     
    #4 quizknows, Jul 24, 2013
  5. kjlord

    kjlord Member

    Joined:
    Feb 8, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    Hello,

    Thanks.. :)
     
    #5 kjlord, Jul 24, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - Mod_sec Rules
  1. electric

    Let customers view and whitelist mod_security rules?

    electric, Aug 26, 2017, in forum: Security
    Replies:
    2
    Views:
    525
    cPanelMichael
    Aug 28, 2017
  2. caisc

    Mod_security rules to prevent spam registrations and comments on wordpress sites

    caisc, Feb 7, 2017, in forum: Security
    Replies:
    12
    Views:
    1,668
    caisc
    Feb 10, 2017
  3. rs-freddo

    New Mod_Security Ruleset after EA4 upgrade

    rs-freddo, Dec 25, 2016, in forum: EasyApache
    Replies:
    1
    Views:
    612
    cPanelMichael
    Jan 5, 2017
  4. mehdix92

    Mod_Security blocking WordPress logins

    mehdix92, Jun 13, 2018, in forum: Security
    Replies:
    3
    Views:
    138
    cPanelMichael
    Jun 14, 2018
  5. meeven

    Questions about enabling mod_security

    meeven, May 22, 2018, in forum: Security
    Replies:
    2
    Views:
    111
    meeven
    Jun 2, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice