SOLVED Modsecurity CMC whitelist being ignored

jestep

Well-Known Member
Dec 18, 2006
49
1
158
This is a huge annoyance. Using configserver CMC. The configserver forums are basically dead so posting here to see if anyone else has had the same problem. Basically the mod_security CMC whitelist function doesn't work at all because the user disabled rules are applied in the wrong order.

I can manually edit modsec/modsec2.cpanel.conf and I can properly disable rules.

However, when I use the ModSecurity rule ID list: which adds ID's to: modsec2.whitelist.conf, which is added in modsec2.user.conf, they are completely ignored. modsec2.cpanel.conf gets written over by the server so any changes I make directly to that file aren't permanent, so this isn't a viable means to disable rules. I haven't found a way to distill that file to save manual changes. Has anyone run into this problem or know of a better way to save rules that I want to disable.

Basically, I need to disable:
960015
900018
900020
900021

The actual problem is very obvious, looking in modsec2.conf, the modsec2.user.conf rules are applied before the modsec2.cpanel.conf rules so any custom rules are essentially meaningless because the actual rules are applied after the user disables them...

From modsec2.conf
# user.conf must com before cpanel.conf to allow adminsitrators
# to selectively disable vendor rules
Include /etc/apache2/conf.d/modsec/modsec2.user.conf
Include /etc/apache2/conf.d/modsec/modsec2.cpanel.conf

Any suggestions on how to disable rules without having to re-edit these auto generated files every time the server writes over them. Maybe I'm missing something, but the order these are applied makes user disabled rules completely meaningless, am I wrong?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

Could you verify which version of cPanel is installed on this system? The following case was included with cPanel version 58.0.26 a while back and might relate to this issue if you are using an older cPanel version:

Fixed case CPANEL-7914: Fix loading of custom mod_security rules.

Otherwise, could you open a support ticket using the link in my signature so we can take a closer look? We won't be able to troubleshoot the ConfigServer CMC issue, but we can verify the steps utilized on threads such as https://forums.cpanel.net/threads/seemingly-unable-to-disable-mod_security-rule.565171 are working as expected.

Thank you.