Question related Wordpress & ModSecurity ?
AnsweredHey guys, i hope you are doing well
i have question regarding ModSecurity,
in new server which has (ModSecuirty & Imunify360) full installed. everything works and load fine, the issue here is related to plugin related to our adnetwork which we are using in our website. whenever they update something in their side, we notice like website load slow like something related to request or something else. just to confirme in our old server (which doesn't have ModSecurity) everyuthing was fine, we don't get any issue related to slowdown of website when they update something in their side.
My question is it possible to make ModSecurity completly ignore a plugin or add as exclusion to ?
in WHM if i search in plugin/ModSecuiry -> ModSecurity™ Tools, i see lot of list of Hits List
if i search the exact plugin name in search tab, i can find it there and if i click the Rule ID it redirect to it's unique url whm which has :
=====================================
Edit a custom ModSecurity™ rule. Original Id : xxxxxx (numbers instead of xxxxx)
and under it there is: "Rule Text" which has lot of text/code on it secrule which is related to plugin am talking about.....
and under it this box there is
(box) Enable Rule (which is already checked ✔)
(box) Deploy and Restart Apache (not checked)
Save
==========================================
if i uncheck "Enable Rule" box and i click "Save" is this mean, ModSecurity will ignore this plugin or that hits or what exactly ? if yes am i supposed to Check "Deploy and Restart Apache" as well ?
if this doesn't have any relation with it, how am supposed to make ModSecurity ignore or exclude completly any plugin and any change can happen to that plugin i want ?
becuase i found as well in "WHM -> Plugins -> ConfigServer ModSec Control"
there is a a box/window with this: "You can disable rules by DirectoryMatch (e.g. ^/home/someuser/public_html/ignore/some/path/)"
if i type full path of plugin i want there, is this mean, modsecurity will ignore and exclude anything related to that plugin ?
and if am completly wrong (sorry i don't have a good knowledge), please let me know how i can completly make ModSecurity ignore a plugin and anythign related to the plugin)
sorry guys for long message, hopefully someone can explain to me
-
Hi,
If a ModSecurity rule is preventing your plugin from functioning properly, it is possible to disable the ModSecurity rule, or even disable the use of ModSecurity for the entire domain with the use of the ModSecurity Domain Manager feature.
When you uncheck the "Enable Rule" box, then restart Apache, it would disable the ModSecurity rule in question. I suggest monitoring the Apache error log while you reproduce the issue with the plugin to verify which ModSecurity rules are being triggered.
Regarding the ConfigServer ModSec Control feature, this isn't something that we develop or support. It does appear that the DirectoryMatch feature functions in the way you said, in that you can exclude a directory path from ModSecurity. However, if you were facing issues with this feature, I suggest reaching out to the CSF Forums.
1 -
Hey William, thx alot for reply
-> i don't actually want to disable ModSecurity because if am not wrong it's good tool to secure website
-> regarding appache error log, where exactly i will find them, if you can mentionne exactl path/place where to find log regarding this, (i don't have good knowledge am sorry) because in case issue happened i really want to know if a rule actually do this issue
-> DirectoryMatch feature will be last thing i will do in case first option didn't work (Disable rule)
btw please correct me if am wrong, regarding DirectoryMatch in case i want to test it,
This is how looks like in WHM option:
New DirectoryMatch
____________
^/home/Lorenzo/public_html/wp-admin/...in case i want to add this plugin to exclusion, this is path of plugin via cpanel "public_html/wp-content/plugins/ads_network"
and inside "/ads_network" folder there is 3 php file related to the plugin
ads.php
index.php
uninstall.phpnow lets back to DirectoryMatch of ModSecurity, am supposed to put path of each of php files or just folder ipath s enough ?
^/home/Lorenzo/public_html/wp-content/plugins/ads_network/ (btw is their difference if i let it "/ads_network" without (/) and /ads_network/" ?
or i must put all php files directory instead of /ads_network directory, which mean^/home/Lorenzo/public_html/wp-content/plugins/ads_network/ads.php
^/home/Lorenzo/public_html/wp-content/plugins/ads_network/index.php
^/home/Lorenzo/public_html/wp-content/plugins/ads_network/uninstall.phpsorry for taking your time guys and thx alot for your help! sry for my bad english as well
0 -
Hi,
The following article details where to find the Apache error log:
Where can I find the Apache error log
Regarding the DirectoryMatch option, I'd suggest trying to include the directory to the ads_network plugin, but not the files within the directory itself. For example:
/home/cPaneluser/public_html/wp-content/plugins/ads_network/
With that said, please note that this feature is developed by CSF, so I do not have as much experience with it. If you experience further issues with getting the DirectoryMatch feature to work as expected, reaching out to the CSF forums would be best as they are more knowledgeable with their product.
1 -
Thx alot man for your help! i will try it as soon as i notice the issue again! i will try to update this thread with any news
thx again and have a great weekend
0 -
Hi,
You're most welcome for the assistance and I hope you have a great rest of your weekend as well!
0
Please sign in to leave a comment.
Comments
5 comments