Our features site is undergoing a refresh! Be sure to explore the revamped site and discover our latest product roadmap launching here on Monday, March 18th.
New Topic
cPanel & WHM Feature RequestsTopicSecurity
Properties
Category Security
Tags modsecurity

Modsecurity tools: Ability to ignore specific rule ID's per user account

John Hawkins shared this idea 8 years ago
Open Discussion

Currently cPanel's Modsecurity tools only allow for disabling:

  1. Rule ID's server-wide
  2. Modsecurity entirely for a given user account's domain(s)


It would be helpful to be able to ignore specific rule ID's on a per-account basis, so that if a particular rule is causing issues with a single account's CMS, for example, you don't have to chose between:


  1. Removing the security of a particular rule for all server users because it causes issues for a single account
  2. Removing the protections of Modsecurity entirely for a given account just because a single rule has proved problematic


Any exposed UI for ignoring Modsecurity rule ID's per-account/domain would ideally be accessible both within WHM and cPanel.


Thanks for making a great product and for your consideration of this feature!

28 I like this idea 0  

Replies (3)

photo
2
benny@cpanel.net 8 years ago

Thanks so much for this submission! Adding the UI is definitely something we can consider, but I wanted to mention that this can be done on the command line by root on a per-domain basis right now with the use of VirtualHost include files.

Reply
photo
1
John Hawkins 8 years ago

Great share re: include files - in the meantime, thanks for considering the UI!

photo
photo
2
Alex 8 years ago

Until such time as this might be included, you can use CMC to do exactly this:


http://configserver.com/cp/cmc.html


Its a WHM-only UI without a cPanel component, but allows you to ignore modsec rules on a per account or per domain basis.

Personally i'd prefer to see cPanel's time spent on other things given that CMC exists and is part of the standard toolset for many hosts.

Reply
photo
2
John Hawkins 8 years ago

Thanks for this! Actually we have used CMC for years - and it is fantastic. The problem for us is having multiple automated tools which tinker with the Modsecurity config... and since cPanel has decided to wade into the waters with their own system, we would really prefer to stick with the core solution if possible.

That said, regarding your last statement - we totally agree with your sentiment. We really do wish that when cPanel decides to implement functionality already provided by a prominent third party solution, the feature set would be a little more complete so there is some meaningful migration path. Otherwise it just creates configuration headaches because you have to either balance multiple tools which run the risk of conflicting with one another - or lose significant functionality when using the core-supported cPanel tool.

photo
photo
2
nibb 7 years ago

Indeed great. Today, when customers have a problem with mod security, the only option for them is turning it globally off for that domain.

Turning only that specific rule off is a better security approach. But in order for this to work, cPanel has to add first the option for customers to see the logs or rules they are hitting.

Reply
Leave a Comment
 
Attach a file

cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.