Unable to disable mod_security per domain in user interface

[stevenvsi]

Hi,

It used to be possible BUT its gone somehow.

I guess it was a cpanel decision and a workaround exist, right?

What would it be? Also, is there a list of feature changes available?
I do read the fixes in every updates, but I must have missed that one.

Regards,

 

[Infopro]

There's a very popular addon available called: ConfigServer ModSecurity Control that you should find useful.

 

[cPanelKenneth]

Hi,

It used to be possible BUT its gone somehow.

I guess it was a cpanel decision and a workaround exist, right?

What would it be? Also, is there a list of feature changes available?
I do read the fixes in every updates, but I must have missed that one.

Regards,

Hello,

The ability for users to enable or disable ModSecurity for an individual domain is still present in cPanel & WHM version 64. The ability is present in the cPanel interface under ModSecurity.

 

[stevenvsi]

Hello,

The ability for users to enable or disable ModSecurity for an individual domain is still present in cPanel & WHM version 64. The ability is present in the cPanel interface under ModSecurity.

Hence the question. It used to be there but as said BUT it is no longer. We run 62.20.
Was it de activated during an updade? If yes how can we re enable it?

Regards,

 

[cPanelMichael]

Was it de activated during an updade? If yes how can we re enable it?

Hello @stevenvsi,

Check to ensure "ModSecurity™ Domain Manager" is enabled for the feature list associated with the package assigned to the account:

"WHM >> Packages >> Feature Manager"

Thanks!

 

[quizknows]

I very very strongly urge against allowing users to disable modsecurity for their own domains.

Fix or whitelist the bad rules, don't just let people shut if off. It's like allowing your end users in the office to turn off their own firewalls or anti-virus.

By default we diasable this feature in WHM on our servers; if people want to use it we won't stop them, but it's a bad idea all around.

I'd much rather see a cPanel interface for the user that lets them disable rule IDs for their own domain, rather than just completely disabling their own protection.

For people with root/WHM access, we recommend configserver modsec control for per-rule, per-domain, or per-directorymatch whitelisting.

 

[stevenvsi]

Thank you, that was helpful.

It was checked. I did look under another package and the feature was there, so this means it is probably a bug.
I will try switching plan back and forth to see it if helps.

As for disabling the feature suggestion in the following post, I would get non stop complain from all dev working on a Wordpress site.
It is true it is less safe BUT at least until the site is ready to deploy, it allows them to build the site. After its the dicipline to remember to re enable modsec that is crucial for security.

Regards,

 

[quizknows]

Best of luck. Most likely you would just need to disable a few rule ID's that people run in to, and you wouldn't have to mess with it anymore.

I have done exclusions that get 'kicked' by default to our servers, if one person runs into a problem with modsec and wordpress, I fix/exclude that rule for all customers. You are right in that if you don't do something, you will get constant complaints.

 

[stevenvsi]

Hi,

With the new cpanel release (64) I will make sure modsec works as it should and enabled for all.
Last year we had to disable so may rules that it made sense to allow the disable function.

I still have to figure out why the logs are filed with permission denied:
[Tue Apr 11 14:52:25 2017] [error] [client 72.141.187.67] ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied [hostname "www.

Everything I tried last time did not work, I do not have days to dig for that and had hoped newer version of cpanel would fix it but no.
Having an eye on everything is very challenging and time consuming.

Regards,

 

[cPanelMichael]

It was checked. I did look under another package and the feature was there, so this means it is probably a bug.
I will try switching plan back and forth to see it if helps.

Note the feature is named "ModSecurity" in the cPanel UI when using the Paper Lantern theme. It's located under the "Security" section in the cPanel UI.

Thank you.