Stop cPanel Update from Overwriting ModSecurity Rule Changes

damonl

I've got a managed dedicated server that has less than 30 different accounts/domains.

The server is
CENTOS 5.9 x86_64 standard – WHM 11.34.1 (build 7)

My problem is that the default modsecurity rules evidently block curl when called from either an ssh session or cron job.

The rule blocks certain user agents, also lynx. One domain runs an application that relies on daily external updates called by a cron job like

Code:
curl -d "user_name=username&user_pass=password" http://www.example.com/admin/example.php?action=update
When I complained to my server company about the cron failing, they found and disabled the user agent rule, but then after the next cPanel update the rule was back.

They say there is no way around this and my only option is to disable modsecurity completely for the domain.

Does that sound right? Seems like there should be a way.
 

Phincy

Hi damonl,

I am not certain how the mod_sec rules are changed by the cPanel update. However, you can exclude files by adding their full path to the following file.

---
/etc/cpanelsync.exclude
---

The cPanel update will not change the files that are listed in the above-mentioned configuration file.

Regards,
 

quizknows

Normally cPanel does not maintain or modify your mod_security rules; that would be you or your host.

It's very easy to exclude just the offending rule ID either globally or for the domain in question. If you don't have good working knowledge of mod_security, then ConfigServer ModSec Control is a good option. I advise you school the tech who told you that you have to disable mod_security completely, or find a host that knows how to maintain the rules and handle false-positives. That should have been a 5 minute phone call ending with "OK, I've added a LocationMatch to exclude that rule ID for you, please try again."
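
The LocationMatch exclusion described in the reply above, shown next to the "disable everything" option, as an added example that is not part of any post in this thread or of cPanel's shipped configuration. `RULE_ID_PLACEHOLDER` is a placeholder for the numeric ID of the user-agent rule (the thread never states it), and the file this goes in is left to the host.

```apache
# Added example. Replace RULE_ID_PLACEHOLDER with the numeric id that the
# ModSecurity audit log reports for the blocked curl request; the thread
# does not give the id, so none is guessed here.
# Keep these directives in an include file that the update process does not
# regenerate, otherwise the exclusion disappears the same way the edited
# rule did.

# --- What the host proposed (left commented out) -------------------------
# Turns off every ModSecurity rule for the whole domain.
# <IfModule mod_security2.c>
#     SecRuleEngine Off
# </IfModule>

# --- Scoped exclusion -----------------------------------------------------
# Removes only the one user-agent rule, and only for the endpoint the cron
# job calls (path taken from the curl command in the first post). All other
# rules keep inspecting this URL, and the user-agent rule keeps applying to
# every other URL on the domain.
<IfModule mod_security2.c>
    <LocationMatch "^/admin/example\.php$">
        SecRuleRemoveById RULE_ID_PLACEHOLDER
    </LocationMatch>
</IfModule>

# --- Fallback if the scoped form has no effect ---------------------------
# On ModSecurity 2.x builds that run phase 1 rules before Apache resolves
# Location scopes, a rule declared with phase:1 is not affected by a
# Location-scoped removal. In that case place the removal directly in the
# domain's VirtualHost context (commented out here):
# <IfModule mod_security2.c>
#     SecRuleRemoveById RULE_ID_PLACEHOLDER
# </IfModule>
```

After reloading Apache, rerun the cron job's curl command and confirm in the audit log that the request is no longer matched by that rule ID while other rules still log against the same URL.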