Older mod_security ruleset still active

Bdzzld · May 3, 2016

Hi,

I'm running the OWASP mod_security ruleset on our servers. At least one of these servers is however blocking genuine traffic due to a "WEB_ATTACK/COMMAND_INJECTION" rule. The "WEB_ATTACK/COMMAND_INJECTION" rule however seems to be a remnant from the older cPanel mod_security ruleset. How can this older ruleset be disabled or removed as it seems to block genuine traffic? I only want to use the newest ruleset

Thanks.

Bdzzld · May 5, 2016

Very strange no one replied to this thread as...
Found the solution myself by replacing /usr/local/apache/conf/modsec2.user.conf with an empty file and then restarting httpd.

Infopro · May 5, 2016

Not the best way to solve an issue with a specific rule I don't think. Each rule should have an ID, that ID can be whitelisted. Or, in that file you replaced completely, you could have simply remarked out the specific rule with, #

Bdzzld · May 5, 2016

@Infopro : I agree, but the rules in that file were remnants of a time when mod_security rules were added via an editor window. These days they 've all been replaced (and updated!) by the OWASP ModSecurity Core Rule Set.

Thread starter	Similar threads	Forum	Replies	Date
S	Public_html and other sub folder index.php and htaccess file issue	Security	5	Nov 14, 2022
	Files in .quarantine folder flagged as infected by ImmunifyAV	Security	2	Jan 20, 2022
	SOLVED Can't delete or rename folders, plus infected files keep showing	Security	22	Feb 12, 2021
M	In the public folder, there is a folder that keeps showing up after I delete it	Security	1	Dec 20, 2020
	How to disable mod_security2 for one folder	Security	2	Feb 19, 2009

Search

Search

Older mod_security ruleset still active

Bdzzld

Well-Known Member

Bdzzld

Well-Known Member

Infopro

Well-Known Member

Bdzzld

Well-Known Member