The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Stop Cpanel Update from Overwriting modsecurity rule changes

Discussion in 'Security' started by damonl, Apr 11, 2013.

  1. damonl

    damonl Registered

    Joined:
    Apr 11, 2013
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    I've got a managed dedicated server that has less than 30 different accounts/domains.

    The server is
    CENTOS 5.9 x86_64 standard – WHM 11.34.1 (build 7)

    My problem is that the default modsecurity rules evidently block curl when called from either an ssh session or cron job.

    The rule blocks certain user agents, also lynx. One domain runs an application that relies on daily external updates called by a cron job like

    Code:
    curl -d "user_name=username&user_pass=password" http://www.example.com/admin/example.php?action=update
    When I complained to my server company abour the cron failing they found and disabled the user agent rule, but then after the next cpanel update the rule was back.

    They say there is no way around this and my only option is to disable modsecurity completely for the domain.

    Does that sound right? Seems like there should be a way.
     
    #1 damonl, Apr 11, 2013
    Last edited: Apr 11, 2013
  2. Phincy

    Phincy Member

    Joined:
    Feb 11, 2012
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi damonl,

    I am not certain how the mod_sec rules are changed by the cPanel update. However, you can exclude files by adding their full path to the following file.

    ---
    /etc/cpanelsync.exclude
    ---

    The cPanel update will not change the files that are listed in the above mentioned configuration file.

    Regards,
     
    #2 Phincy, Apr 12, 2013
    Last edited: Apr 12, 2013
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This post is relevant I believe:
    ModSecurity Changes in EasyApache 3.16 - cPanel Forums


    That is incorrect. For example you could simply disable the one rule, for the one domain if you wanted to, with this:
    ConfigServer ModSecurity Control
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Normally cPanel does not maintain or modify your mod_security rules, that would be you or your host.

    it's very easy to exclude just the offending rule ID either globally or for the domain in question. If you don't have good working knowledge of mod_security, then configserver modsec control is a good option. I advise you school the tech who told you that you have to disable mod_security completely, or find a host that knows how to maintain the rules and handle false-positives. That should have been a 5 minute phone call ending with "OK, I've added a LocationMatch to exclude that rule ID for you, please try again."
     
Loading...

Share This Page