Skip to main content

Mod Security Whitelisting URI

durangod

Hi, i would like to whitelist a URI/URL not by IP in Mod Security.  Is there a cPanel guide how to do so?

I am trying to isolate an issue, here is the log entry from mod sec log (via csf's mod security plugin.

 

The above image data was me, i did it as a test.  I clicked on a link and caused the issue, since i dont know why there is an issue in the first place i would like to just whitelist the URI that caused it.   This is a known issue with a software i use, until they can fix it i need to just whitelist the URI. 

I am not sure how to break down the data into understandable sections so i can whitelist a URI, or add a rule exception per URI, that is the end goal.  

Thanks :)

Comments

4 comments

Date Votes
  • cPRex Jurassic Moderator

    Hey there!  This article, which I wrote just for you, should help with that!

    https://support.cpanel.net/hc/en-us/articles/32395587667479-How-to-whitelist-a-specific-URI-in-ModSecurity

    You'll see the raw log at the bottom with the ID field, but it doesn't seem to show the URI, so you may need to search the logs as mentioned in that article.

    1
  • quietFinn

    If you want to whitelist a rule by a domain you can add that in:
    /etc/apache2/conf.d/userdata/std/2_4/CPANELUSERNAME/DOMAIN.TLD
    and
    /etc/apache2/conf.d/userdata/ssl/2_4/CPANELUSERNAME/DOMAIN.TLD

    You may need to create those directories.

    and then:
    /scripts/rebuildhttpdconf
    and
    /scripts/restartsrv_httpd

     

     

    1
  • cPRex Jurassic Moderator

    Yes, there's that option too!

    0
  • durangod

    Awesome guys, thanks so much.   Working with another dev offisite we discovered the issue but i am still going to add this code to test so i can learn. 

    The actual issue was with the script i was running (third party script). It seems that in the js httprequest handler file  if there was no "body type" request it defaulted to text and mod security does not like that, so it caught an actual illegal attempt.    What we did is mod the js code so that if no body type was specified then it would default to application/x-www-form-urlencoded

    if (! body) {
           options.headers.append('Content-Type', 'application/x-www-form-urlencoded')
        }

    I really need to learn much more about mod security and how it works.  But for not thank you both so much, your descriptions are wonderful and make it possible for me to run some test rules to see how they work.  :) 

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post