Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_security issues

Discussion in 'Security' started by bsasninja, Jan 5, 2007.

  1. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    527
    Likes Received:
    0
    Trophy Points:
    166
    I have some rules in mod_security but they are making trouble with a webmail system. How do I disable mod_security for that domain?? which is the line I should add to the virtual host at httpd.conf ??

    Help will be appreciated.

    Thanks!!
     
    #1 bsasninja, Jan 5, 2007
  2. tweakservers

    tweakservers Well-Known Member

    Joined:
    Mar 30, 2006
    Messages:
    379
    Likes Received:
    0
    Trophy Points:
    166
    as far as you may concern, mod_security is loaded at Apache and compiled into and there's no option of disabling it per domain at the moment.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 tweakservers, Jan 5, 2007
  3. simplybe

    simplybe Well-Known Member

    Joined:
    Nov 29, 2002
    Messages:
    153
    Likes Received:
    0
    Trophy Points:
    166
    htaccess can turn it off for a domain. add

    <IfModule mod_security.c>
    # Turn off mod_security filtering.
    SecFilterEngine Off

    # The below probably isn't needed.
    SecFilterScanPOST Off
    </IfModule>

    to their htaccess file, although it would be better to fix the rules if they are breaking webmail rather than leaving a domain un protected.

    You can add eclusions to mode sec, check the logs and see what is causing the problem and either remove the rule or add an exlusion for the script that is having problems.

    eg
    ###########################################
    #script exclusions
    ###########################################
    <LocationMatch "myscript.php">
    SecFilterInheritance Off
    </LocationMatch>
     
    #3 simplybe, Jan 5, 2007
  4. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    655
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    While this works, for a production environment mod_security should be compiled in with the option to not allow users to alter it with .htaccess.

    Instead the rules should be corrected or whitelist the user in httpd.conf
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 ramprage, Jan 5, 2007
  5. kuwaitnt

    kuwaitnt Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    156

    how can we do it ??

    manual or from easyapache ?

    if manual can we know how ?
     
    #5 kuwaitnt, Jan 6, 2007
(You must log in or sign up to post here.)
Loading...
Similar Threads - mod_security issues
  1. Gojko

    HTTPD conflict with mod_security?

    Gojko, Nov 20, 2018, in forum: EasyApache
    Replies:
    2
    Views:
    142
    rpvw
    Nov 21, 2018
  2. subtopic

    OWASP mod_security breaking Wordpress page save

    subtopic, Sep 18, 2018, in forum: Security
    Replies:
    4
    Views:
    279
    subtopic
    Sep 20, 2018
  3. subtopic

    OWASP mod_security to help /tmp execution

    subtopic, Sep 18, 2018, in forum: Security
    Replies:
    1
    Views:
    127
    cPanelLauren
    Sep 19, 2018
  4. Pratyush Rohilla

    SOLVED Error when installing mod_security via WHM >> EA4

    Pratyush Rohilla, Sep 16, 2018, in forum: EasyApache
    Replies:
    1
    Views:
    147
    cPanelMichael
    Sep 17, 2018
  5. ottdev

    cPanel's implementation of Mod_Security

    ottdev, Aug 8, 2018, in forum: Security
    Replies:
    2
    Views:
    269
    cPanelLauren
    Aug 10, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice