modsecurity

Hi. I just noticed I cannot get to my site at all. I'm looking at the /usr/local/apache/logs/error_log file and see a whole bunch of weird stuff. When I try going to my site, I get a Too many redirects error, however, I can still successfully access the WHM stuff. Here's what a snippet of...

I see in /usr/local/apache/logs/error_logs a lot of error messages. Here's a small chunk. [Mon Jul 18 19:19:34.821609 2016] [:error] [pid 6823] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file...

I have cpanel/whm 56 build 25, centos 5.11. I have mode security enabled. There are 5 rules (OWASP) not enabled. I try to enable them but they won't enable. It says: Warning: You have successfully enabled some of the configuration files. The files that the system failed to enable are marked...

mod_security Blocking Form Contents (IE: Textboxes containing URL Links) If a TextBox has a URL (starting with HTTP) as its contents, submitting the form triggers a FORBIDDEN error, I have tracked this down to a setting in "mod_security" which is possibly designed to prevent SQL Injection...

Hello, My mod_security is being triggered from last couple of days for few sites. Even the server's IP is also comes in host name in some triggered list. Here are the details of few attacks : 1- Host: Sitename.com Request: GET...

/etc/cron.hourly/modsecparse.pl: $ENV{lib::restrict-!-d_ok_in} is deprecated use $lib::restrict::d_ok_in at /usr/local/cpanel/Cpanel/lib.pm line 19. $ENV{lib::restrict-!-d_ok_in} is deprecated use $lib::restrict::d_ok_in at /usr/local/cpanel/Cpanel/lib.pm line 19. $ENV{lib::restrict-!-d_ok_in}...

Hi there!! I get a huge amount of errors from apache: ModSecurity: Audit log: Failed to create subdirectories: /usr/local/apache/logs/modsec_audit/nobody/20160530/20160530-1505 (Permission denied) [hostname "www.xxxxxxxx.com"] [uri "xxxx.php"] [unique_id "xxxxxxxxxxxxxxxx"] I'm running apache...

Hi How can take a list with active and disabled ID rules ? I want to know the IDs which are currently disabled example id 950120 not the rule group

Hi I'm using so far nginx as a reverse proxy in front of apache 2.4, PHP 5.6 Everything works great. In the apache log I can see the real ips of the visitors. I use proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host...

I am trying to use SecConnReadStateLimit directive to limit the number of connections per IP. If I set the limit to be anything smaller than 256, the website is completely unaccessible. For example, if I set it to 100, here is what I saw from the error log: [256] of 100 allowed in READ state...

Is it possible to display any other logs in cpanel file manager for user end ?

ModSecurity is enabled, I'm not sue what I wasn't seeing the settings pages before. I'm just not sure why one website would be having this issue. It's basically making the website inaccessible. It's a basic wordpress website. It was working fine on another cpanel server just the other day. I...

My chat folder gives so many errors How to disable mod security for only one folder?

Apache Module: MPM ITK - EasyApache 4 - cPanel Documentation states however Apache Module: ModSecurity - EasyApache - cPanel Documentation states: So is Modsec + MPM ITK compatible in EA3 or EA4? Would use ModRuid2 but no cache/memcache (I presume MPM ITK will work with caching)

Hi guys, Sunday I have installed Mod Security on our VPS (this is our first time we are using Mod Security). Unfortunately it has banned all visitors, except me. This is generally not a problem, but to be honest this time I have no idea how to unban those users. Does anyone have an idea? If I...

Trying to install mod security vendor which seems to work fine on all our other servers. But one particular server is giving this error: Not sure why but I'm getting this on one server. Probably server issue? How to fix? Error:API failure: The system could not download the file...

How do I whitelist an IP address in Modsecurity ? One of our accounts uses the sucuri firewall and all traffic from sucuri is being blocked in modsecurity.

Yet another ModSecurity thread... So as per our other recent post, we've recently switched from our own customized version of the AtomiCorp rules to the OWASP rules provided by cPanel. On all of our servers, /usr/local/apache/logs/error_log is filled with these: [Mon Feb 09 18:51:54...

I updated Cpanel to the version that supports OWASP and enabled it Everything seemed fine on most sites until I tried to edit a wordpress page Various issues including unable to edit pages - editing pages results in odd behavior when I disabled the ruleset - wordpress went back to...

See attachment for what I saw when I attempted to log into WHM recently. However, clicking on the "More Information" link brought me to http://go.cpanel.net/modsecuritydocs which then redirected to http://confluence0.cpanel.net/display/LC/ModSecurity+-+cPanel+UI?1 which doesn't load correctly...