The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

modsecurity Problem

Discussion in 'cPanel Developers' started by anka, Jun 30, 2006.

  1. anka

    anka Member

    Joined:
    Mar 26, 2004
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hallo,

    Mod_Security run on my Server.

    One of my User needed the Directive RootDir into a Script - this are blocked by Mod_security.

    how can I allowed one User to connected with one Script used the directive rootDir - but all other User block to used the directive rootDir?

    Thanks für Help

    Anka
     
  2. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    It really depends....

    It really depends on what ruleset you have that's blocking the action. What is the log saying , what rule is triggering this? check /etc/httpd/logs/audit_log and error_log
     
  3. anka

    anka Member

    Joined:
    Mar 26, 2004
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hey,

    This ar the Code:

    Access denied with code 403. Pattern match "rootDir" at POST_PAYLOAD

    Error-Log :

    [Mon Jun 26 22:35:01 2006] [error] [client 84.154.21.89] mod_security: Access denied with code 403. Pattern match "rootDir" at POST_PAYLOAD [hostname "www.xxxxxx.net"] [uri "/webinterface/source/index.php"]

    My Rule in Mod-Security ( now deactivated )

    #SecFilterSelective THE_REQUEST "rootDir"
    #SecFilter "rootdir"

    Cann I create a Rules to allowed this User to work with rootDir und disable this for all other User?

    Greetings

    Anka

    PS: that Nobody-Preventing Script are Great - ist run on Fedora 2 very well
     
  4. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    You can disable mod_security for a site in particular by adding this to their public_html/.htaccess file:

    SecFilterEngine off

    This turns off mod_security entirely for one site.
     
  5. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I disable the ability for mod_security to be controlled through .htaccess files. Otherwise, end users can just disable mod_security on their account and whatever ruleset you have in place will not apply to their account. This means, if they want to upload and run web exploits they can do so by just disabling mod_security in their .htaccess file.

    One solution I found was to always use ID's in my mod_security rules. So you might formulate this specific rule as:

    SecFilter "rootdir" id:1001,deny,log,status:406

    For some reason I found you always have to include the ,deny,log,status:406 part into the rule. When adding an id the SecFilterDefaultAction does not seem to apply. This may have been something of my own doing, some setting I'm missing somewhere, or it may have just been in an old version of mod_security. At any rate, I always set up rules with a unique id.

    Now in the httpd.conf file, in that account's particular VirualHost entry I can add the lines:

    <IfModule mod_security.c>
    <Location /path>
    SecFilterRemove 1001
    </Location>
    </IfModule>


    This removes the rootdir ruleset from being applied to any file accessed under the /path folder in that particular VirtualHost. The other mod_security rules still apply and rootdir will still get caught in directories that are not under the /path folder.

    Hope this helps.
     
Loading...

Share This Page