1. G

    In Progress ZC-11209 - ModSec custom rules lost after Leapp upgrade

    After upgrade from CentOS 7 to RockyLinux 8 I am getting this hit in modsec blocking some applications from submitting login request to my backend. Message: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file...
  2. A

    ModSecurity to disable for Wordpress

    Hello, ModSecurity ban user who use Wordpress admin editing, What is the list of rules to disable in ModSecurity? Thanks
  3. C

    OWASP ModSecurity Core Rule Set 3.3.5 [Security Fix]

    Hello, The OWASP ModSecurity Core Rule Set (CRS) team is pleased to announce the release of CRS v3.3.5. This is a security release which fixes the recently announced CVE-2023-38199, whereby it is possible to cause an impedance mismatch on some platforms running CRS v3.3.4 and earlier by...
  4. J

    ChatGPT script to generate hack alerts from mod_sec

    I sometimes struggle to understand what is going on with the logs of mod_sec so I can best thwart them. So I asked ChatGPT. It came up with a python script to send alerts and breakdown in plain language the alert. Here it is below. I haven't used it yet but thought it interesting enough to...
  5. D

    using ModSec 3 with nginx rev proxy

    I will preface this with saying that to my knowledge, this problem started after upgrading to AlmaLinux 8 and/or enabling the nginx reverse proxy. Feeling that modsec 2 was not working, I followed the modsec 3 guide, found here...
  6. PeteS

    Allowing HTTP methods PATCH and DELETE in modsecurity

    Q1: It appears that the default modsec in cPanel does not allow PATCH or DELETE (only GET HEAD POST OPTIONS, per rule 901160). Is this the case, and if so, why? # Default HTTP policy: allowed_methods (rule 900200) SecRule &;TX:allowed_methods "@eq 0" \...
  7. verdon

    ModSecurity Tools not logging all hits

    Hi. I'm not convinced that all hits to mod_security are showing up in ModSecurity Tools > Hits List. There are lots of results in there, but I'm fairly sure not all. Is that possible?
  8. Motamedi

    problem with ModSecurity

    Hello, I get the following error when adding from rule "". Error: API failure: The vendor metadata does not contain an entry for your version of ModSecurity, “2.9.6”. The only versions of ModSecurity this rule set supports are “2.7.5”...
  9. A

    Google bot triggering OWASP modsecurity rule 949110

    Last few days we have been noticing that Google crawler IP's (i.e. have stared being blocked by the OWASP modsecurity rules. This is not an isolated case, we have many servers and the same issues has been seen across all of them. Previously we had no issues like this related to...
  10. leonep

    modsecurity 3 update

    Hello, looking page Modsecurity 3 cpanel Docs I noticed that modsecurity3 is still on experimental. since the page on this page is on July 13, 2022 I was wondering if maybe it's been released or if you know when it will be done. thank you !!
  11. bejbi

    ModSecurity OWASP blocking GTMetrix

    If you are using OWASP rules v. 3.3.4 you can experience problem with GTmetrix service. All requests will serve 403 error. It is interesting becouse probably GTmetrix sends forbidden header. GTmetrix is blocked by 3 rules: 920450 - request protocol enforcement 949110 - request blocking...
  12. ljj3

    In Progress CPANEL-41695 - Modsecurity Geo Database

    Is GeoLite2-Country-Locations-en.csv the file that ModSecurity needs to have Geolocation Database pointed to? I'm confused... My GeoIP.dat is very old, but the MAXMIND list of databases are al GeoIP2 which are not compatible with ModSecurity...
  13. C

    Modsecurity 2.9.6 [Fix Security]

    Mod Security 2.9.6 security update released. Is it possible to update Mod security from 2.9.3 to 2.9.6? it is necessary in order to update CRS to 3.3.4
  14. I

    ModSecurity Tools showing server ip as source ip

    I am running Apache behind Nginx. Over the ModSecurity tools page under the "source" column it's only the main IP address of the server. What do I need to do to get the actual attacker IP?
  15. webmastergreg

    OWASP 3.3.2 and "ping" with rules 932150 and 1234123447

    Hello FYI I was confronted with the blocking of an interface following modsecurity blocking by rule N°1234123447 Precisely the request: "?_wblapi=/forsef/v1/ping" Triggers rule N°1234123447 because of the term "ping" In bold just below. ModSecurity: Access denied with code 501, [Rule: 'ARGS'...
  16. M

    [SOLVED] Update OWASP CRS?

    Is it possible to get the most updated OWASP Core Rule Set on CentOS? We would like to implement ModSecurity rules that are available on the latest versions. We’re on version 3.0 and the current stable version is 3.3. Are there compatibility issues with cPanel for the latest version?
  17. PeteS

    Error in ModSecurity transfer

    On transferring Service Configurations, ModSecurity completed with one failure: Failed: (XID 2chkk6) The WHM API v1 call “modsec_make_config_inactive” failed: The following configuration is not active: modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf Upon retrying it...
  18. leonep

    ModSecurity Traditional Mode or Anomaly Score

    Hi guys, based on your experience in a shared hosting environment it is preferable to set modsecurity to traditional mode or anomaly score? I am running on traditional but i have frequent false-positive. the good in traditional mode is less load on server. what do you think? thanks
  19. G

    Using ModSecurity

    I've installed mod_security2 and read the cPanel docs: but I have a few other questions. 1. Should I install OWASP? What does it do? 2. I see under "Configuration" that I can provide a link to a MaxMind database...
  20. A

    ModSecurity SQL Injection

    Hi, the last few days i've been battling with one specific website (out of many on the same server) which wont render correctly. When inspecting, the site loads as plain HTML and the console shows a load of 403 or 404 errors for every image, CSS file or JS script. I have finally got it narrowed...