OWASP ModSecurity Core Rule Set V3.0 whm-server-status

rpvw

Well-Known Member
Jul 18, 2013
1,101
458
113
UK
cPanel Access Level
Root Administrator
For anyone irritated by the ModSecurity Tools logged Hits every 5 minutes generated by the 'GET /whm-server-status' triggering rule id 920280 .......... this is for you :)

1) Go to Home » Security Center » ModSecurity™ Tools » Rules List and make sure you don't already have a rule id 1000 (if you do, alter the rule id:1000 in the code below to anything that does not already exist, but is below 920280 - I recommend you try and keep your Custom rules below 900000)

2) Click on the Add Rule blue button

3) Paste the following code into the Rule Text Box
Code:
#
# This chained rule looks for the whm-server-status script being called from localhost
# If both the rules validate, the rule id 920280 is disabled for this transaction
#
SecRule REQUEST_URI "whm-server-status" id:1000,phase:1,t:none,pass,nolog,chain
SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" t:none,nolog,ctl:ruleRemoveById=920280
4) Check the Enable Rule and also the Deploy and Restart Apache boxes.

5) Click Save

Done - you should not see any more logged hits for GET /whm-server-status if the call came from localhost.
 
  • Like
Reactions: cPanelMichael
Thread starter Similar threads Forum Replies Date
B Workarounds and Optimization 1