What are imh-modsec rules?

tank

Well-Known Member
Apr 12, 2011
255
5
68
Chicago, IL
cPanel Access Level
Root Administrator
I see a whole list of rules under /etc/apache2/conf.d/imh-modsec.

These rules can be processed as i have found out. I tried searching but i can't find out where these rules are from. Any information would be great. Do i need them, should i use these in conjunction with the cpanel rules?

A side note, they get logged but do not appear in cpanel modsecurity tools.
 
Last edited:

fuzzylogic

Well-Known Member
Nov 8, 2014
154
93
78
cPanel Access Level
Root Administrator
A goggle search for imh-modsec explains where these rules come from.
They are a proprietary set of rule added by a particular web hosting company.

One rule mentioned in the search results appears to be a WordPress login failure rule, so there may be some useful rules there if well implemented.

In page one of the search results there is also a documented way to disable any one of these rules. (not by using the cPanel interface)

fyi I am unfamiliar with these rules and my knowledge of them is from one goggle search.
 

tank

Well-Known Member
Apr 12, 2011
255
5
68
Chicago, IL
cPanel Access Level
Root Administrator
Fuzzylogic,

They are a proprietary set of rule added by a particular web hosting company.
I never could find that anywhere, it makes sense though. I spent a while searching. I saw the wordpress rules that got triggered.

Oh well, all I did was just disable a few of those rules that were triggering things unnecessarily.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,224
463
Hello,

Those are not rules included with cPanel by default. You may want to reach out to your provider to determine if they were implemented during the initial server setup if you did not enable them.

Thank you.