Modsecurity

Discussion in 'Security' started by starbolt, Apr 16, 2010.

  1. starbolt

    Hello everyone,

    I currently run some servers with cPanel, and they have modsecurity active to increase security. The problem I'm facing is that mod_security is blocking some scripts that are usually OK, or in other words, there are too many false positives.

    I came up with an idea to fix that. Since my traffic is 90% from my country, and usually the problems I had with security came from other countries, I decided to create a rule on mod_security to "relax" a bit when the IP is from my country.

    Here is what I have in my modsec2.conf:

    SecGeoLookupDb /usr/local/geo/GeoIP.dat
    SecRule REMOTE_ADDR "@geoLookup"
    SecRule GEO:COUNTRY_CODE "@streq BR" phase:1,nolog,allow,ctl:ruleEngine=off

    What I want it to do is:

    - Look up the user's IP address, check it against the database that I downloaded from MaxMind, and confirm whether it's from my country or not.

    - If the IP is from my country, mod_security will skip phase 1, because all the false positives happened in this phase.

    In case the IP is from another country, mod_security will work at full power!

    Anyways, my question is:

    Is the rule above right? Some months ago I wrote it and it was working, but I lost it when I upgraded Apache and now I'm not sure if this is right.

    Thank you!
     
  2. starbolt

    Anyone help?
     
  3. Infopro

  4. mohit

    A newer Apache would require a newer mod_security and a compatible ruleset.

    Also, you can specifically disable a few rules per account using
    ConfigServer ModSecurity Control.
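
An added example, not written by anyone in the thread: two narrower ways to express the geo-based relaxation described in the first post, assuming ModSecurity 2.5 or later. The rule ids 10001 and 10002 and the excluded rule id 999999 are placeholders; the database path is the one from the post.

```apache
# Added example, not from the thread. Database path as given in the first post.
SecGeoLookupDb /usr/local/geo/GeoIP.dat

# Notes on the rule as posted:
#  - A SecRule with no action list inherits SecDefaultAction, including its
#    phase, so the @geoLookup may not run in the same phase as the phase:1
#    country check. Chaining the two rules keeps lookup and check together.
#  - Since ModSecurity 2.5 a bare "allow" stops rule processing for the whole
#    transaction, and ctl:ruleEngine=off turns the engine off for the
#    transaction, so a match skips every phase rather than only phase 1.

# Pick one variant.

# Variant A: skip only the remainder of phase 1 for clients geolocated to BR.
# allow:phase limits the allow to the current phase; later phases still run.
# Disruptive actions belong on the chain starter and fire only when the
# whole chain matches.
SecRule REMOTE_ADDR "@geoLookup" \
    "phase:1,id:10001,chain,nolog,allow:phase"
    SecRule GEO:COUNTRY_CODE "@streq BR"

# Variant B: leave the engine on for everyone and drop only the rule that
# produces the false positive. 999999 is a placeholder; take the real id
# from the audit log entry of the blocked request.
# ctl is non-disruptive and runs as soon as the rule carrying it matches,
# so it sits on the last rule of the chain, not on the starter.
SecRule REMOTE_ADDR "@geoLookup" \
    "phase:1,id:10002,chain,nolog,pass"
    SecRule GEO:COUNTRY_CODE "@streq BR" \
        "ctl:ruleRemoveById=999999"
```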
     