ModSecurity add & remove rule for a domain

Volt55

Member
Feb 20, 2017
17
1
3
UK
cPanel Access Level
Root Administrator
Hi. I have multiple domains on my server protected with ModSecurity tools.

I use a rule (Default HTTP policy: restricted_extensions rule 900240) in ModSecurity that I wish to remove for a single domain BUT replace it with another rule that is very similar and allows access to a certain file extension.

I have copied the new rule and created my variant for the single domain. How can I achieve this?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello @Volt55,

The ModSecurity Domain Manager feature will allow you to completely enable or disable ModSecurity on account, but it doesn't allow an individual cPanel user to configure specific rules per domain. I recommend using a third-party plugin such as ConfigServer ModSecurity Control if you'd like to easily configure individual ModSecurity rules per account:

ConfigServer ModSecurity Control (cmc)

Thank you.
 

linux4me2

Well-Known Member
Aug 21, 2015
259
78
78
USA
cPanel Access Level
Root Administrator
I haven't tried the plugins Michael is referring to, but you can select for a domain in your custom rule by adding the following type of SecRule to your new rule:
Code:
SecRule SERVER_NAME "thedomain.com" "t:lowercase"
To exempt a domain, you can use:
Code:
SecRule SERVER_NAME "[email protected] thedomain.com" "t:lowercase"
You might run into issues with editing an existing rule, so you may want to create your own custom rule for the existing one and disable the existing rule.
 
  • Like
Reactions: cPanelMichael