Older mod_security ruleset still active

Bdzzld

Well-Known Member
Apr 3, 2004
410
5
168
Hi,

I'm running the OWASP mod_security ruleset on our servers. At least one of these servers is however blocking genuine traffic due to a "WEB_ATTACK/COMMAND_INJECTION" rule. The "WEB_ATTACK/COMMAND_INJECTION" rule however seems to be a remnant from the older cPanel mod_security ruleset. How can this older ruleset be disabled or removed as it seems to block genuine traffic? I only want to use the newest ruleset

Thanks.
 

Bdzzld

Well-Known Member
Apr 3, 2004
410
5
168
Very strange no one replied to this thread as...
Found the solution myself by replacing /usr/local/apache/conf/modsec2.user.conf with an empty file and then restarting httpd.
 

Bdzzld

Well-Known Member
Apr 3, 2004
410
5
168
@Infopro : I agree, but the rules in that file were remnants of a time when mod_security rules were added via an editor window. These days they 've all been replaced (and updated!) by the OWASP ModSecurity Core Rule Set.