I am using ConfigServer ModSecurity Control to disable some custom rules by user and is not working. I detected this issue on 2017-04-16, previously this was working ok.
I am using cPanel & WHM 64.0 (build 19).
How can I troubleshoot this?Thanks.
I just tested this and it worked for me. The procedure is as follows.
I created a new rule (for testing purposes) using
Security Center >> Tools >> Rules List >> Add Rule
The testing rule looked like this...
Code:
# Replace 66.66.66.66 with the ip of your web brower (google whats my ip)
SecRule REMOTE_ADDR "@ipMatch 66.66.66.66" \
"msg:'Matched ip. Test rule is being hit',\
phase:2,\
id:8888111,\
t:none,\
pass,\
log"
Click Deploy and Restart button.
Visit yourdomain.com then check your modsec log for hits to the test rule.
Security Center >> Tools >> Hits List >> Search for 8888111
If the rule is being logged then move on to...
Plugins >> Configserver Modsec Control >> Select a User or Domain from list beside the "Modify user whitelist" button
Then click the "Modify user whitelist" button.
Now you have an choice depending on what you want to achieve.
If your want to disable a rule for all domains owned by the user the add the rule id (number only) to the ModSecurity rule ID list: text box then click the "Save whitelist for all username domains" button.
If your want to disable a rule for one domain owned by the user then select the Domain from list beside the "Modify domain whitelist" button.
Add the rule id (number only) to the ModSecurity rule ID list: text box then click the "Save whitelist for yourdomain.com.com" button.
Now your test rule should be disabled for yourdomain.com
Revisit yourdomain.com then check the modsec log again.
This time nothing should be logged for rule 8888111
Second test visit a second domain on the same server.
This should log hits for the test rule.
Once you have confirmed for yourself that the procedure works, then delete these test entries in Configserver Modsec Control.
Delete the test rule from Security Center >> Tools >> Rules List