Stop Cpanel Update from Overwriting modsecurity rule changes

damonl

Registered
Apr 11, 2013
1
0
51
cPanel Access Level
Reseller Owner
I've got a managed dedicated server that has less than 30 different accounts/domains.

The server is
CENTOS 5.9 x86_64 standard – WHM 11.34.1 (build 7)

My problem is that the default modsecurity rules evidently block curl when called from either an ssh session or cron job.

The rule blocks certain user agents, also lynx. One domain runs an application that relies on daily external updates called by a cron job like

Code:
curl -d "user_name=username&user_pass=password" http://www.example.com/admin/example.php?action=update
When I complained to my server company abour the cron failing they found and disabled the user agent rule, but then after the next cpanel update the rule was back.

They say there is no way around this and my only option is to disable modsecurity completely for the domain.

Does that sound right? Seems like there should be a way.
 
Last edited:

Phincy

Member
Feb 11, 2012
16
0
51
cPanel Access Level
Root Administrator
Hi damonl,

I am not certain how the mod_sec rules are changed by the cPanel update. However, you can exclude files by adding their full path to the following file.

---
/etc/cpanelsync.exclude
---

The cPanel update will not change the files that are listed in the above mentioned configuration file.

Regards,
 
Last edited:

Infopro

Well-Known Member
May 20, 2003
17,113
507
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
Normally cPanel does not maintain or modify your mod_security rules, that would be you or your host.

it's very easy to exclude just the offending rule ID either globally or for the domain in question. If you don't have good working knowledge of mod_security, then configserver modsec control is a good option. I advise you school the tech who told you that you have to disable mod_security completely, or find a host that knows how to maintain the rules and handle false-positives. That should have been a 5 minute phone call ending with "OK, I've added a LocationMatch to exclude that rule ID for you, please try again."