1. V

    Centos 8 - mod_security v3 not working custom rules

    I'm running tests on Centos 8.2 and Cpanel v92. When I install mod_security v3 and want to add custom rules from the edit rules section, I see the following error. None of the SecConnEngine, SecRuleEngine, SecRule codes are recognized. Error: The system could not validate the new Apache...
  2. leonep

    ModSecurity Geolocation Database Setup

    Hi, i want to add Geolocation db in modsecurity config... looking to the description: so it appears ModSecurity accepts only GeoIp v1 format in the maxmind i found only Geoip2 database... any suggestions please??thanks a lot
  3. C

    modsecurity question

    Hello, I know cPanel is loaded with questions similar to what I'm seeing. But I started using (just today/yesterday) modsecurity rules. I'm seeing some permission denied errors for GeoIP and other and I think it is because I don't have a db path in the configuration section for modsecurity...
  4. S

    modsecurity ID's sequential?

    Are modsec rule ID's sequential? Like is their preference linear? If I want to whitelist an IP does my ID have to be as low as possible (eg. 1 thru say 200)? Or can I make it like 60000 and it will still work?
  5. cPAdminsMichael

    Experience with the new OWASP ModSecurity CRS 3.3?

    Hi guys, Does any of you have any experience yet with the newly released OWASP ModSecurity Core Rule Set v3.3 that was released last month? (OWASP ModSecurity Core Rule Set – The 1st Line of Defense Against Web Application Attacks) Worth trying out?
  6. L

    Modsecurity - Configure Individual Domains

    G'day All, Does anyone know where the notation is made within the modsec configuration when a user disables modsecurity for all or any domain within their cPanel? I've looked in the expected locations (/etc/apache2/conf.d/userdata etc.) without success. We just need to be able to produce a...
  7. A

    OWASP ModSecurity Core Rule Set V3.0 breaks after every update

    When I run "/usr/local/cpanel/scripts/modsec_vendor update OWASP3" I get the following errors: The system failed to update the vendor from the URL warn [modsec_vendor] The system failed to update the vendor from the URL...
  8. A

    How to Remove ModSecurity?

    Hi! I've searched this for thousands of topics and haven't found it, oddly enough. I would like to know from any of you how can I clear ModSecurity logs? I already deleted modsec_audit.log, but the logs continue. In my case I have more than 20,000 pages of logs.
  9. J

    In Progress [CPANEL-27532] /scripts/modsec_vendor update failed

    All of our servers are reporting identical update failures: The cPanel & WHM update process failed for the following reason: Maintenance ended; however, it did not exit cleanly (256). The following events were logged: “scripts/modsec_vendor”. Review the update logs to determine why the update...
  10. joaosavioli

    Limiting ModSecurity rule to specific files?

    Hi! Please, how could I limit the action of this rule only in wp-login.php and xmlrpc.php? SecRule REQUEST_HEADERS:User-Agent "@contains gecko" "id:5000501,t:none,t:lowercase,deny,nolog,msg:'BAD BOT - Detected and Blocked. '" Thank you! Joao
  11. weblinks

    Comodo WAF ModSecurity ruleset leading to large secdatadir cache files

    CLOUDLINUX 7.6 [] v78.0.23 Hi, I am getting this alert Time: Mon May 20 04:00:08 2019 +0500 ModSecurity persistent IP database (/var/cpanel/secdatadir/ip.pag) size is 51.73GB This requires further investigation otherwise it will start to affect server performance. but when I am checking...
  12. J

    SOLVED mod_security rule not working

    Trying to stop a bad bot from accessing server using mod_security rules. I have the following but it's not working. SecRule REQUEST_HEADERS:User-Agent "@rx ^(?:Datanyze)$" "msg:'Datanyze blocked',phase:1,log,id:777777,t:none,block,status:403" the word "Datanyze" is contained in the User...
  13. jonh


    I'm getting this error in ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/global": Permission denied I don't have mod_druid2 enabled. All info says this is the issue, but I don't have this mod loaded/enabled. Causing not to be able to access admin ajax...
  14. cuzzmunger

    ModSecurity - Domain listed not mine

    Hi There, I'm sorry to ask such a silly question but I'm seeing hits on my server through ModSecurity - Tools from other domains or blank altogether with just an IP. I'm not hosting the domain so why am I seeing these hits along with my ones? Any help appreciated. Kim. OWASP3 Hits List...
  15. S

    SOLVED Modsec found critical issue, but did nothing about it?

    I guess I don't understand how modsec works. How did it log this error, but seemingly do nothing about it? Message: Warning. Matched phrase "masscan" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "33"] [id...
  16. O

    Disabling several mod_security rules due to 403 response to POST request?

    I upgraded to WHM 76 and started having an issue where mod_security was blocking form submits that included code. It seemed that whenever the server received a POST request that contained a lot of triangle brackets and matched some code rules/regex and took me to a 403 Forbidden error This was...
  17. S

    SOLVED modsec version?

    I'm running cPanel v74.0.12. It has modsecurity installed with Apache. How do I find out the version of modsec I have? I looked everywhere and cannot find a single thing about version.
  18. M

    Advice on modsecurity response when rule is hit

    Hi, I've been playing with modsecurity past few days. My experiment mostly is posting illegal requests to a website and checking audit log for rule HIT. I am confused on how ModSecurity should work. For example: I do simple GET...
  19. T

    Update hangs due to 3rd Party ModSec Rules

    Updating cPanel/WHM via WebUI -- when using 3rd party ModSecurity ruleset provider WebUI process sticks at 94% and never progresses past this point. If I leave the UI page and come back, it reports it is still in progress and shows me the log file with the same contents -- up to...
  20. M

    SOLVED [EA-8081] ModSecurity v2.9.3 update

    I read ModSecurity has released v2.9.3 This should fix some major issues with modruid2 and permissions on folders modsecurity needed. Any idea when this update will be released for Easy Apache 4 / cPanel users? Or is there a manual update method suggested ? Thanks