Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

What are imh-modsec rules?

Discussion in 'Security' started by tank, Dec 6, 2017.

Tags:
  1. tank

    tank Well-Known Member

    Joined:
    Apr 12, 2011
    Messages:
    254
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    Chicago, IL
    cPanel Access Level:
    Root Administrator
    I see a whole list of rules under /etc/apache2/conf.d/imh-modsec.

    These rules can be processed as i have found out. I tried searching but i can't find out where these rules are from. Any information would be great. Do i need them, should i use these in conjunction with the cpanel rules?

    A side note, they get logged but do not appear in cpanel modsecurity tools.
     
    #1 tank, Dec 6, 2017
    Last edited: Dec 6, 2017
  2. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    92
    Likes Received:
    50
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    A goggle search for imh-modsec explains where these rules come from.
    They are a proprietary set of rule added by a particular web hosting company.

    One rule mentioned in the search results appears to be a WordPress login failure rule, so there may be some useful rules there if well implemented.

    In page one of the search results there is also a documented way to disable any one of these rules. (not by using the cPanel interface)

    fyi I am unfamiliar with these rules and my knowledge of them is from one goggle search.
     
  3. tank

    tank Well-Known Member

    Joined:
    Apr 12, 2011
    Messages:
    254
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    Chicago, IL
    cPanel Access Level:
    Root Administrator
    Fuzzylogic,

    I never could find that anywhere, it makes sense though. I spent a while searching. I saw the wordpress rules that got triggered.

    Oh well, all I did was just disable a few of those rules that were triggering things unnecessarily.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Those are not rules included with cPanel by default. You may want to reach out to your provider to determine if they were implemented during the initial server setup if you did not enable them.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice