The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ModSecurity Tools - missing Action Description and Justification

Discussion in 'Security' started by Valetia, Feb 2, 2016.

  1. Valetia

    Valetia Well-Known Member

    Joined:
    Jun 20, 2002
    Messages:
    207
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hi all,

    In WHM ModSecurity Tools, some of our servers have the Action Description and Justification fields populated, and some don’t (they’re just blank).

    The Request field is populated at all times.

    Also, those that have the blank fields also have unclickable entries in the Rule ID column, with the icons being a circle with a diagonal strike through it.

    The ones with populated fields have clickable entries in the Rule ID column, with the icons being a pencil.

    Any idea what causes these differences, and how we can get the Action Description and Justification fields populated?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Are you using the OWASP ruleset? Those rules should work fine in the interface. Any custom rules you may be using, probably don't.
     
  3. Valetia

    Valetia Well-Known Member

    Joined:
    Jun 20, 2002
    Messages:
    207
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    It doesn’t seem to matter which vendor it is.

    Whether it’s OWASP or Comodo, the Action Description and Justification fields remain blank on the affected machines.

    The rules do run as expected, which is why the log entries show up to begin with, but the details of what had caused them to run aren’t showing up in those fields in the log entries.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Strange indeed. I'm using Comodo rules, OWASP rules, Atomicorp rules on different servers and these fields are populated as expected. What version of cPanel is that server running?

    Please feel free to open a ticket to cPanel Technical Support about this if you like.
     
Loading...

Share This Page