Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Modsecurity CMC whitelist being ignored

Discussion in 'Security' started by jestep, Dec 9, 2016.

  1. jestep

    jestep Active Member

    Joined:
    Dec 18, 2006
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    156
    This is a huge annoyance. Using configserver CMC. The configserver forums are basically dead so posting here to see if anyone else has had the same problem. Basically the mod_security CMC whitelist function doesn't work at all because the user disabled rules are applied in the wrong order.

    I can manually edit modsec/modsec2.cpanel.conf and I can properly disable rules.

    However, when I use the ModSecurity rule ID list: which adds ID's to: modsec2.whitelist.conf, which is added in modsec2.user.conf, they are completely ignored. modsec2.cpanel.conf gets written over by the server so any changes I make directly to that file aren't permanent, so this isn't a viable means to disable rules. I haven't found a way to distill that file to save manual changes. Has anyone run into this problem or know of a better way to save rules that I want to disable.

    Basically, I need to disable:
    960015
    900018
    900020
    900021

    The actual problem is very obvious, looking in modsec2.conf, the modsec2.user.conf rules are applied before the modsec2.cpanel.conf rules so any custom rules are essentially meaningless because the actual rules are applied after the user disables them...

    From modsec2.conf
    # user.conf must com before cpanel.conf to allow adminsitrators
    # to selectively disable vendor rules
    Include /etc/apache2/conf.d/modsec/modsec2.user.conf
    Include /etc/apache2/conf.d/modsec/modsec2.cpanel.conf

    Any suggestions on how to disable rules without having to re-edit these auto generated files every time the server writes over them. Maybe I'm missing something, but the order these are applied makes user disabled rules completely meaningless, am I wrong?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you verify which version of cPanel is installed on this system? The following case was included with cPanel version 58.0.26 a while back and might relate to this issue if you are using an older cPanel version:

    Fixed case CPANEL-7914: Fix loading of custom mod_security rules.

    Otherwise, could you open a support ticket using the link in my signature so we can take a closer look? We won't be able to troubleshoot the ConfigServer CMC issue, but we can verify the steps utilized on threads such as https://forums.cpanel.net/threads/seemingly-unable-to-disable-mod_security-rule.565171 are working as expected.

    Thank you.
     
Loading...

Share This Page