

ModSecurity™ Tools, ModSecurity™ Configuration - Rules




Posted by Promex, 11-06-2014, 08:20 AM
Hello, cP has rolled out WHM 11.46.0 as their Release tier and one of the changes would be replacing the previous Mod Security plugin with its new ModSecurity™ Tools. The new ModSecurity™ Tools seems sophisticated and I'm having difficulties adding rules which were implemented previously, prior to the update. Whenever I attempt to add a rule, it gives this error The error varies for different rules. Did the format of the rules change for ModSecurity™ Tools? How should I alter the rules from the previous configuration such that it will run on ModSecurity™ Tools? I've also noticed the default ModSecurity™ Tools' rules are in ID form, can anyone explain how those rules work (such as fetching from their server, based on the rules ID?) and the respective functions of the default rules. Thank You Last edited by Promex; 11-06-2014 at 08:27 AM.

Posted by Infinitnet, 11-06-2014, 08:26 AM
The error message is actually very self-explanatory. It seems like you have a wrong value for "SecUploadDir" in your mod_security config. It would surely help if you would provide those configs, so we can actually help you fix the problem. With WHM/cPanel the files /usr/local/apache/conf/modsec2.conf and /usr/local/apache/conf/modsec2.user.conf should be the relevant ones containing the mod_security settings and rules.

Posted by Promex, 11-06-2014, 08:36 AM
Hello, Thank You for your reply. Sorry, I forgot to mention that the errors vary for different rules. Let's say I would like to implement this rule: vs On the previous Mod Security plugin, the first rule failed but the second rule works. Although I am not really sure about the reasons, maybe it has something to do with defining /tmp as the directory to use. (care to share the reason?) However, now both rules give me an error on ModSecurity™ Tools. Are there any differences between the two rules above? Which of the rules are preferred? Thank You Last edited by Promex; 11-06-2014 at 08:45 AM.

Posted by Promex, 11-06-2014, 09:52 AM
Update: This has been resolved.

Posted by Infinitnet, 11-06-2014, 10:32 AM
Unfortunately you still didn't post the content of the files that I requested. Your rule #1 is the actual mod_security rule, while the second "rule" is the same rule with additional mod_security settings, that should actually be specified in one of the two files that I requested already. Now if the second one of the "rules" that you posted works and the first one doesn't, it simply means that somewhere within the two files I requested there are wrong mod_security settings, that simply get "overwritten" by the settings you specified in your second example in addition to the actual mod_security rule. So once again, please post the content of the two files I mentioned, so we can tell what's wrong with the settings in there.
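
An added example, not part of the thread and not cPanel or ModSecurity code: a small Python audit that lists every `SecUploadDir` line across the two files named above and checks the directory of the last one. It assumes the last definition loaded takes effect (as the reply describes) and that modsec2.user.conf loads after modsec2.conf; the file contents are constructed samples, and the directory check is a sanity test, since the thread does not show the actual error text.

```python
import os
import shlex
import tempfile

def find_directive(sources, name="SecUploadDir"):
    """Return (file label, line number, value) for every line that sets `name`."""
    hits = []
    for label, text in sources:              # sources are given in load order
        for line_no, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            try:
                tokens = shlex.split(line)   # handles quoted paths
            except ValueError:
                continue                     # continuation or unbalanced quote: skip
            if len(tokens) >= 2 and tokens[0].lower() == name.lower():
                hits.append((label, line_no, tokens[1]))
    return hits

def audit(sources, name="SecUploadDir"):
    """Report the last definition of `name` and whether its directory is usable."""
    hits = find_directive(sources, name)
    if not hits:
        return {"effective": None, "defined_at": [], "problems": [name + " is not set"]}
    path = hits[-1][2]   # assumption: the last definition loaded takes effect
    problems = []
    if not os.path.isdir(path):
        problems.append(path + " does not exist or is not a directory")
    elif not os.access(path, os.W_OK | os.X_OK):
        problems.append(path + " is not writable by this user")
    return {"effective": path, "defined_at": [h[:2] for h in hits], "problems": problems}

# Constructed sample contents, standing in for the two files named in the thread.
GOOD_DIR = tempfile.gettempdir()
SAMPLE = [
    ("modsec2.conf", "SecRuleEngine On\nSecUploadDir /constructed/missing/dir\n"),
    ("modsec2.user.conf", '# local overrides\nSecUploadDir "%s"\n' % GOOD_DIR),
]

if __name__ == "__main__":
    print(audit(SAMPLE[:1]))   # main file alone: the path is flagged
    print(audit(SAMPLE))       # with the user file: the later setting wins
```

On a real server, read the two files into `sources` in their include order and run the check as the user Apache runs as, so the writability result reflects what the web server sees.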

Posted by prashant1979, 11-09-2014, 12:37 PM
I would recommend Comodo's free WAF rules which do a decent job.

Posted by anon-e-mouse, 11-09-2014, 03:09 PM
Closed as requested


