Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What are imh-modsec rules?

Discussion in 'Security' started by tank, Dec 6, 2017.

Tags:
  1. tank

    tank Well-Known Member

    Joined:
    Apr 12, 2011
    Messages:
    253
    Likes Received:
    0
    Trophy Points:
    66
    Location:
    Chicago, IL
    cPanel Access Level:
    Root Administrator
    I see a whole list of rules under /etc/apache2/conf.d/imh-modsec.

    These rules can be processed as i have found out. I tried searching but i can't find out where these rules are from. Any information would be great. Do i need them, should i use these in conjunction with the cpanel rules?

    A side note, they get logged but do not appear in cpanel modsecurity tools.
     
    #1 tank, Dec 6, 2017
    Last edited: Dec 6, 2017
  2. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    61
    Likes Received:
    26
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    A goggle search for imh-modsec explains where these rules come from.
    They are a proprietary set of rule added by a particular web hosting company.

    One rule mentioned in the search results appears to be a WordPress login failure rule, so there may be some useful rules there if well implemented.

    In page one of the search results there is also a documented way to disable any one of these rules. (not by using the cPanel interface)

    fyi I am unfamiliar with these rules and my knowledge of them is from one goggle search.
     
  3. tank

    tank Well-Known Member

    Joined:
    Apr 12, 2011
    Messages:
    253
    Likes Received:
    0
    Trophy Points:
    66
    Location:
    Chicago, IL
    cPanel Access Level:
    Root Administrator
    Fuzzylogic,

    I never could find that anywhere, it makes sense though. I spent a while searching. I saw the wordpress rules that got triggered.

    Oh well, all I did was just disable a few of those rules that were triggering things unnecessarily.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,484
    Likes Received:
    1,612
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Those are not rules included with cPanel by default. You may want to reach out to your provider to determine if they were implemented during the initial server setup if you did not enable them.

    Thank you.
     
Loading...

Share This Page