Older mod_security ruleset still active

Discussion in 'Security' started by Bdzzld, May 3, 2016.

  1. Bdzzld

    Bdzzld Well-Known Member

    Hi,

    I'm running the OWASP mod_security ruleset on our servers. At least one of these servers is however blocking genuine traffic due to a "WEB_ATTACK/COMMAND_INJECTION" rule. The "WEB_ATTACK/COMMAND_INJECTION" rule however seems to be a remnant from the older cPanel mod_security ruleset. How can this older ruleset be disabled or removed as it seems to block genuine traffic? I only want to use the newest ruleset.

    Thanks.
     
  2. Bdzzld

    Bdzzld Well-Known Member

    Very strange no one replied to this thread as...
    Found the solution myself by replacing /usr/local/apache/conf/modsec2.user.conf with an empty file and then restarting httpd.
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Not the best way to solve an issue with a specific rule I don't think. Each rule should have an ID, that ID can be whitelisted. Or, in that file you replaced completely, you could have simply remarked out the specific rule with, #
     
  4. Bdzzld

    Bdzzld Well-Known Member

    @Infopro: I agree, but the rules in that file were remnants of a time when mod_security rules were added via an editor window. These days they've all been replaced (and updated!) by the OWASP ModSecurity Core Rule Set.
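
Added example, not part of the thread and not cPanel's code: a way to act on the rule ID as suggested in post 3, by reading ModSecurity 2.x error-log lines, finding which file and rule ID produced the hits for a tag, and printing matching `SecRuleRemoveById` lines. The log lines, rule IDs and the second file path are constructed; only `/usr/local/apache/conf/modsec2.user.conf` and the tag come from the thread.

```python
import re
from collections import Counter

# Constructed sample lines in the ModSecurity 2.x Apache error-log layout.
# Rule IDs, client/host names and the second file path are made up.
SAMPLE_LOG = """\
[Tue May 03 10:15:01 2016] [error] [client 192.0.2.10] ModSecurity: Access denied with code 501 (phase 2). Pattern match "..." at ARGS:q. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "212"] [id "9000001"] [msg "System Command Injection"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "example.com"] [uri "/search.php"] [unique_id "AAAA"]
[Tue May 03 10:16:40 2016] [error] [client 192.0.2.11] ModSecurity: Access denied with code 501 (phase 2). Pattern match "..." at ARGS:body. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "212"] [id "9000001"] [msg "System Command Injection"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "example.com"] [uri "/post.php"] [unique_id "BBBB"]
[Tue May 03 10:17:02 2016] [error] [client 192.0.2.12] ModSecurity: Warning. Pattern match "..." at ARGS:id. [file "/constructed/path/crs/sqli.conf"] [line "77"] [id "9000002"] [msg "SQL Injection"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "example.com"] [uri "/item.php"] [unique_id "CCCC"]
"""

# Matches the bracketed metadata fields: [name "value"], allowing \" inside value.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_hit(line):
    """Return the metadata of one ModSecurity log line, or None if it has no rule id."""
    if "ModSecurity:" not in line:
        return None
    hit = {"tags": []}
    for key, value in FIELD.findall(line):
        if key == "tag":
            hit["tags"].append(value)      # a rule can carry several tags
        else:
            hit.setdefault(key, value)     # keep the first file/line/id seen
    return hit if "id" in hit else None

def rules_for_tag(log_text, tag):
    """Count hits per (rule file, rule id) among lines carrying exactly `tag`."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = parse_hit(line)
        if hit and tag in hit["tags"]:
            counts[(hit.get("file", "?"), hit["id"])] += 1
    return counts

def exclusions(counts):
    """Config lines disabling each rule; they must load after the rule itself."""
    lines = []
    for (path, rule_id), n in sorted(counts.items()):
        lines.append(f"# {n} hit(s) from {path}")   # Apache comments need their own line
        lines.append(f"SecRuleRemoveById {rule_id}")
    return lines

if __name__ == "__main__":
    print("\n".join(exclusions(rules_for_tag(SAMPLE_LOG, "WEB_ATTACK/COMMAND_INJECTION"))))
```

The `[file ...]` field shows whether the blocking rule lives in a leftover file such as `modsec2.user.conf` or in the current rule set, which is the question the thread turns on.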
     