
mod_sec whitelist

Discussion in 'Security' started by hrace009, Oct 24, 2016.

  1. hrace009

    hrace009 Well-Known Member

    Hello,
    Some of my clients are running XenForo, and I need to whitelist ModSec rules by ID.
    The information I got from the ModSec tools is this message:
    Code:
    Request: POST /index.php?editor/to-bb-code
    Action Description: Access denied with redirection to http://www.domain.com/ using status 302 (phase 2).
    Justification: detected XSS using libinjection.
    In my opinion, we need to remove the ModSec IDs for the path
    Code:
    /index.php?editor/to-bb-code
    I have tried to add a ModSec whitelist with the following LocationMatch:
    Code:
    <LocationMatch "/index.php?editor/to-bb-code">
      # These rules break XenForo post editing
      SecRuleRemoveById 973343
      SecRuleRemoveById 973340
      SecRuleRemoveById 981257
      SecRuleRemoveById 981245
      SecRuleRemoveById 981243
    </LocationMatch>
    It still does not work.

    If I change it to this:
    Code:
    <LocationMatch "/index.php">
    it works perfectly, but it whitelists index.php globally.

    Is there a way to whitelist only /index.php?editor/to-bb-code?

    Thank you
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    986
    Likes Received:
    76
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    I don't think LocationMatch can accept query strings, unfortunately. See the link below. What comes after the question mark is PHP arguments (the query string) and not a real "location" to Apache. There would be ways to customize the rules themselves for this, but I don't really recommend that unless you are an advanced user. What I would do personally is just apply the list that works to the one domain only in an includes file. ConfigServer ModSec Control is great for this; you can make the exceptions for just one domain.

    Apache permissions based on querystring
     
    Infopro likes this.
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

  4. hrace009

    hrace009 Well-Known Member

    Hi, thanks for the reply.
    Yes, I have read that before. When searching on Google I saw there is a trick for it, but I forgot to save the link. Maybe I should take a look again.

    Hi, thanks for the reply.
    Yes, I use CMC. I have seen a post saying that LocationMatch can only be used without the query. Disabling per domain is a good choice, and I have tried it. But I think it would still be better if it targeted the path that was hit by ModSec. There is a trick for that, which I saw on Google before, but I forgot to save the link. I should take a look at it again.
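The "customize the rules themselves" route quizknows alludes to, and the trick hrace009 is looking for, as an added example that is not from this thread: a phase 1 ModSecurity rule keyed on REQUEST_URI, which (unlike LocationMatch) does include the query string, so the five rule IDs from the original post are dropped only for the editor request. The rule id 10001, the host forum.example.com and the include file path are assumptions.

```apache
# Added example, not from the thread. Place it in a custom rules include that
# loads before the CRS rules; on cPanel that is assumed to be
# /etc/apache2/conf.d/modsec/modsec2.user.conf.
#
# Why the original <LocationMatch "/index.php?editor/to-bb-code"> never matched:
# LocationMatch only sees the path, and its argument is a regex, so the "?"
# made the preceding "p" optional instead of matching a literal "?".
#
# REQUEST_URI in ModSecurity 2 holds path plus query string, so a phase 1 rule
# can recognise the XenForo editor call and remove the rule IDs before the
# phase 2 inspection that produced the 302 runs.
SecRule REQUEST_URI "@beginsWith /index.php?editor/to-bb-code" \
    "id:10001,phase:1,pass,nolog,t:none,chain"
    # Chained condition: limit the exception to the one XenForo vhost
    # (placeholder host name) rather than every domain on the server.
    # The ctl actions sit on the last rule of the chain so they only fire
    # when both conditions match.
    SecRule SERVER_NAME "@streq forum.example.com" \
        "t:none,\
        ctl:ruleRemoveById=973343,\
        ctl:ruleRemoveById=973340,\
        ctl:ruleRemoveById=981257,\
        ctl:ruleRemoveById=981245,\
        ctl:ruleRemoveById=981243"
```

After restarting Apache, confirm in the ModSecurity audit log that the editor POST no longer fires those IDs while other index.php requests on the same domain are still inspected.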
     