ConfigServer ModSecControl Questions
Hi,
I have just submitted a support ticket before I saw this thread. I thought this is related so I'd like to post it here to get an answer.
================
Hi,
For a long time, we have been using CMC in our servers using gotroot rules. In recent Cpanel updates, we found out that some old configuration for CMC have ceased to work, i.e. domain level whitelisting function, which by the way is very handy on a shared hosting environment, in case certain rule creates a conflict only for one domain and good to be active for the rest of the domain.
Cpanel does not provide a way to disable Cpanel's ModSec Tools(CMT) via WHM and has to be done manually I believe, which I am not confident about. The existence of CMT creates a conflict with CMC configuration and results to a lot of invalid errors, i.e. screenshot: prntscr.com/79vntm
Also this
[Wed May 27 16:48:27.224797 2015] [:error] [pid 646798] [client 120.29.65.82] ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied [hostname ""> [uri "/wp-content/plugins/jetpack/modules/wpgroho.js"> [unique_id "VWWE23dRoNwACd6O4T8AAAAE">
I can't find a conclusive workaround to solve this, even on forum, other Cpanel users are complaining about similar issues,
-
Now, concerning CMC features. I'd like to take note of the following. -CMC allows global or domain level white listing of rules. Screenshot prntscr.com/79zawc -Log Entries can be expanded in greater depth/details that allows quick analysis without having to login and check logs. -Seamless integration with ConfigServer Exploit Scanner ( very useful security tool which Cpanel do not have yet ) 0 -
Hello, Please keep in mind that ConfigServer develops these applications. They will need to update their application in order to work with newer versions of cPanel. I suggest continuing to consult with them through their support channels regarding this issue. Thank you. 0 -
run this command and it should start working again ln -s /usr/local/apache/logs/modsec_audit.log /usr/local/apache/logs/modsec_audit/modsec_audit.log 0 -
Thank you for the information guys. I have installed Cpanel OWASP rules last night and this morning. We got a bunch of tickets requesting to unblock their IPs because they've been blocked by firewall due to OWASP false positive triggers. I wonder if Cpanel ran a comprehensive test of these rules on shared hosting environment. I'm thinking it would be best if Cpanel could come up with a whitelisted rule database ideal for shared hosting. It's very tedious to be attending to blocking related tickets due to false positivess. Screenshot: - Removed - 0 -
I have just white listed two rules that are triggering false positive. Rule IDs: 981205 and 970901 0 -
run comodo wap here very few false positives the OWASP is a third party use at you own risk not really cpanel's job to to police OWASP 0 -
Hi Dalem, Thanks for the update. I'll try COMODO then, aside from the rules I have blocked yesterday, I'm seeing a bunch of other false positive today. About OWASP and Cpanel, I do know that OWASP is independent but what I'm thinking is that since Cpanel have included OWASP as an optional rule vendor by default, it would be great if Cpanel could at least maintain a database of rules that aren't ideal on a shared hosting environment so that users like myself will not have to go through a bunch of testing just to know which rules work and which do not. Then, we can simply have all those rules white listed or disabled. 0 -
it would be great if Cpanel could at least maintain a database of rules that aren't ideal on a shared hosting environment so that users like myself will not have to go through a bunch of testing just to know which rules work and which do not. Then, we can simply have all those rules white listed or disabled.
Hello, A "Report this hit" option is available on the ModSecurity Tools page when "More" is pulled down. It's important to use this feature if you want to alert the vendor about which rules are not suitable for a shared hosting environment. Thank you.0
Please sign in to leave a comment.
Comments
8 comments