ModSecurity Rules Per Domain
Howdy.
I need to disable some specific ModSecurity rules on a per-domain basis, but I'm looking for a simpler solution than this.
I see that ConfigServer ModSecurity Control is a cPanel/WHM add-on, but my question is, can this work alongside the existing ModSecurity without affecting WHM features and tools such as the configuration page, hits log and OWASP rules?
Any other thoughts on this are appreciated, as I don't know what I don't know where it comes to modsec.
I am on AlmaLinux v8.9.0 STANDARD virtuozzo cPanel Version 120.0.5.
Thanks!
-
Hey there! That solution from the article is the only official one I have. All you're really doing is creating the files/folders necessary for the Apache include system for one particular user, then editing the file, then restarting the service.
I can't comment on the Configserver ModSec Control tool as that isn't something we make, and I'm not personally familiar with that one.
0 -
We use Configserver ModSec Control to disable rules per user/domain.
You can also disable ModSecurity for all domains by a user.0 -
@quietFinn And it runs alongside the existing WHM modsec pages just fine?
0 -
Yes, no problems whatsoever.
EDIT:
Global whitelisting does not seem to work in ConfigServer ModSecurity Control.0 -
Thanks, quietFinn!!
0 -
Well, that was easy! Quick install, quick implementation. Does exactly what I was hoping. Thanks again!
0
Please sign in to leave a comment.
Comments
7 comments