ModSecurity add & remove rule for a domain
Hi. I have multiple domains on my server protected with ModSecurity tools.
I use a rule (Default HTTP policy: restricted_extensions rule 900240) in ModSecurity that I wish to remove for a single domain BUT replace it with another rule that is very similar and allows access to a certain file extension.
I have copied the new rule and created my variant for the single domain. How can I achieve this?
-
Hello @Volt55, The ModSecurity Domain Manager feature will allow you to completely enable or disable ModSecurity on account, but it doesn't allow an individual cPanel user to configure specific rules per domain. I recommend using a third-party plugin such as ConfigServer ModSecurity Control if you'd like to easily configure individual ModSecurity rules per account: ConfigServer ModSecurity Control (cmc) Thank you. 0 -
I haven't tried the plugins Michael is referring to, but you can select for a domain in your custom rule by adding the following type of SecRule to your new rule: SecRule SERVER_NAME "thedomain.com" "t:lowercase"
To exempt a domain, you can use:SecRule SERVER_NAME "!@streq thedomain.com" "t:lowercase"
You might run into issues with editing an existing rule, so you may want to create your own custom rule for the existing one and disable the existing rule.0
Please sign in to leave a comment.
Comments
2 comments