Older mod_security ruleset still active

Discussion in 'Security' started by Bdzzld, May 3, 2016.

  1. Bdzzld

    Bdzzld Well-Known Member

    Hi,

    I'm running the OWASP mod_security ruleset on our servers. At least one of these servers is however blocking genuine traffic due to a "WEB_ATTACK/COMMAND_INJECTION" rule. The "WEB_ATTACK/COMMAND_INJECTION" rule however seems to be a remnant from the older cPanel mod_security ruleset. How can this older ruleset be disabled or removed, as it seems to block genuine traffic? I only want to use the newest ruleset.

    Thanks.
     
  2. Bdzzld

    Bdzzld Well-Known Member

    Very strange no one replied to this thread as...
    Found the solution myself by replacing /usr/local/apache/conf/modsec2.user.conf with an empty file and then restarting httpd.
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Not the best way to solve an issue with a specific rule I don't think. Each rule should have an ID, that ID can be whitelisted. Or, in that file you replaced completely, you could have simply remarked out the specific rule with, #
     
  4. Bdzzld

    Bdzzld Well-Known Member

    @Infopro: I agree, but the rules in that file were remnants of a time when mod_security rules were added via an editor window. These days they've all been replaced (and updated!) by the OWASP ModSecurity Core Rule Set.
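
As an added example (not part of the thread), one way to find the rule IDs Infopro refers to: the script lists the active SecRule entries in a rules file that carry a given tag and prints a SecRuleRemoveById line for each. The sample rules, their ids and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Rule ids and rule bodies are constructed.

# write_sample_conf FILE: constructed stand-in for a legacy rules file.
write_sample_conf() {
  cat > "$1" <<'EOF'
# constructed sample rules, not the real modsec2.user.conf
SecRule REQUEST_URI "\.(?:sh|pl)\b" \
    "phase:2,deny,id:'1000001',\
    tag:'WEB_ATTACK/COMMAND_INJECTION',msg:'constructed rule A'"
#SecRule ARGS "wget" "phase:2,deny,id:1000002,tag:'WEB_ATTACK/COMMAND_INJECTION'"
SecRule ARGS "cmd=" "phase:2,deny,id:1000003,tag:'WEB_ATTACK/COMMAND_INJECTION'"
SecRule ARGS "select" "phase:2,deny,id:1000004,tag:'WEB_ATTACK/SQL_INJECTION'"
EOF
}

# find_rule_ids FILE NEEDLE: print "id<TAB>line" for each active SecRule
# whose text contains NEEDLE (for example the tag shown in the block message).
find_rule_ids() {
  awk -v needle="$2" '
    /^[ \t]*#/ { next }                      # rule already commented out
    {
      if (buf == "") start = NR              # first line of a directive
      line = $0
      cont = sub(/\\[ \t]*$/, "", line)      # trailing backslash: continues
      buf = buf line
      if (cont) next
      if (buf ~ /^[ \t]*SecRule[ \t]/ && index(buf, needle)) {
        id = "no-id"
        if (match(buf, /[", \t]id:[^0-9]?[0-9]+/)) {
          id = substr(buf, RSTART, RLENGTH)
          gsub(/[^0-9]/, "", id)
        }
        print id "\t" start
      }
      buf = ""
    }' "$1"
}

# removal_directives FILE NEEDLE: one SecRuleRemoveById line per matching id.
# These belong in a config file that Apache loads after the rules themselves.
removal_directives() {
  find_rule_ids "$1" "$2" | awk -F '\t' '$1 != "no-id" { print "SecRuleRemoveById " $1 }'
}

conf=$(mktemp)
write_sample_conf "$conf"
removal_directives "$conf" 'WEB_ATTACK/COMMAND_INJECTION'
rm -f "$conf"
```

Rules that print as "no-id" in find_rule_ids have no id action to whitelist, so commenting them out at the reported line number is the remaining option.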
     