ModSecurity add & remove rule for a domain

[Volt55]

Hi. I have multiple domains on my server protected with ModSecurity tools.

I use a rule (Default HTTP policy: restricted_extensions rule 900240) in ModSecurity that I wish to remove for a single domain BUT replace it with another rule that is very similar and allows access to a certain file extension.

I have copied the new rule and created my variant for the single domain. How can I achieve this?

 

[cPanelMichael]

Hello @Volt55,

The ModSecurity Domain Manager feature will allow you to completely enable or disable ModSecurity on account, but it doesn't allow an individual cPanel user to configure specific rules per domain. I recommend using a third-party plugin such as ConfigServer ModSecurity Control if you'd like to easily configure individual ModSecurity rules per account:

ConfigServer ModSecurity Control (cmc)

Thank you.

 

[linux4me2]

I haven't tried the plugins Michael is referring to, but you can select for a domain in your custom rule by adding the following type of SecRule to your new rule:

SecRule SERVER_NAME "thedomain.com" "t:lowercase"

To exempt a domain, you can use:

SecRule SERVER_NAME "[email protected] thedomain.com" "t:lowercase"

You might run into issues with editing an existing rule, so you may want to create your own custom rule for the existing one and disable the existing rule.