The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security Blocking Form Contents

Discussion in 'Security' started by Michael Mihalyfi, Jun 26, 2016.

Tags:
  1. Michael Mihalyfi

    Michael Mihalyfi Registered

    Joined:
    Jun 19, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Manchester, UK
    cPanel Access Level:
    Website Owner
    mod_security Blocking Form Contents (IE: Textboxes containing URL Links)

    If a TextBox has a URL (starting with HTTP) as its contents, submitting the form triggers a FORBIDDEN error, I have tracked this down to a setting in "mod_security" which is possibly designed to prevent SQL Injection Attacks.

    I need to disable this option in "mod_security", How can I do this on cPanel?

    PS: I get my cPanel account through Zen Internet if this makes a difference.
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    121
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    As a website owner, you can disable all of mod security for a domain in cPanel (assuming your provider has made it available to you) in the Security > Mod Security settings.

    You would need to talk to your server administration to make changes to individual rules that might be interfering with your forms.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,776
    Likes Received:
    663
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    You will need to contact your hosting provider if you want a specific Mod_Security rule whitelisted for your account. You could also enable or disable Mod_Security for one or all domain names associated with your account if your hosting provider has enabled ModSecurity Domain Manager for your account:

    ModSecurity Domain Manager - Documentation - cPanel Documentation

    Thank you.
     
    Michael Mihalyfi likes this.
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    941
    Likes Received:
    56
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    For the love of God please don't disable modsecurity for your domain entirely. It provides essential protections for you.

    Generally these issues can be resolved by whitelisting a rule or two. If you do not have root, your hosting provider should be experienced in resolving these issues.

    If their answer is disabling modsecurity for your domain, find a new host.
     
Loading...

Share This Page