How do i disable modsecurity rulesets for specific domain na

Customer support forums for the modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the real time modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
live-city
New Forum User
New Forum User
Posts: 4
Joined: Wed Jul 23, 2014 6:14 pm
Location: PA

How do i disable modsecurity rulesets for specific domain na

Unread post by live-city »

Hello i have the Atomic mod security ruleset installed on my Linux VPS server. I have CentOS 6.5 64 bit, and WHM/cpanel.

Does anyone know how to disable atomics mod security rulesets for specific domain names?

I had my web host recently update my atomic ruleset and now several scripts on my server do not work anymore and it just gives me a 404 not found error and their ruleset is the culprit. My web host does not know how to disable it for specific domain names.

I had to disable it completely on my server, while I am waiting to get feedback from Atomic on how to disable it on specific domains, but i was wondering if anyone here can give me any advice on that and give me some directions on how i can do that? I went over to atomics wiki but only found information on how to disable it with Plesk and not WHM.

thank you.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: How do i disable modsecurity rulesets for specific domai

Unread post by scott »

This page has examples on the syntax to disable rules by domain or url (or combination):

https://www.atomicorp.com/wiki/index.php/Mod_security

I believe the equivelent of a plesk vhost.conf on cpanel is documented in the cpanel httpd.conf at /usr/local/apache/conf/httpd.conf
live-city
New Forum User
New Forum User
Posts: 4
Joined: Wed Jul 23, 2014 6:14 pm
Location: PA

Re: How do i disable modsecurity rulesets for specific domai

Unread post by live-city »

thanks but i need to send my web host detailed step by step exact directions on how to disable it on a per domain basis for WHM/Cpanel.

I sent them that wiki and they said
"That page is actually written specifically for Plesk, not cPanel. Those instructions will not work on a cPanel server"

So after that. they said they can attempt to follow your instructions as long as they have step by step instructions from you, on how to do it for WHM/cpanel, so if you can please provide me with that, i would greatly appreciate it.

thank you.
prupert
Forum Regular
Forum Regular
Posts: 573
Joined: Tue Aug 01, 2006 2:45 pm
Location: Netherlands

Re: How do i disable modsecurity rulesets for specific domai

Unread post by prupert »

They need to place the configuration inside the VirtualHost in the httpd configuration.

(It's kinda disturbing your host's sysadmin doesn't get that.)
Lemonbit Internet Dedicated Server Management
live-city
New Forum User
New Forum User
Posts: 4
Joined: Wed Jul 23, 2014 6:14 pm
Location: PA

Re: How do i disable modsecurity rulesets for specific domai

Unread post by live-city »

unfortunately my web host just disabled mod. security completely so my PHP scrits can work. i also have config mod security control installed so i can easily disable mod security for specific domain names.

im logged into my knownhost server now, and in config mod sec. control, when disabling mod security for a specific domain and setting it to "off" im getting the following error. do you know what this is about? is this a problem with my apache configuration, a problem with config mod sec. control, or a problem with atomics mod sec. rules itself? i dont have this issue on any of my other 2 VPS servers i have on 2 other web hosts, which have the very same atomic rulesets. only knownhost. it's very strange.


"ModSecurity whitelist for ****: Off
Rebuilding and restarting Apache:
Initial configuration generation failed with the following message:

Configuration problem detected on line 2 of file /usr/local/apache/conf/userdata/std/2/*****/modsec.conf: Invalid command 'SecRuleEngine', perhaps misspelled or defined by a module not included in the server configuration

--- /usr/local/apache/conf/userdata/std/2/*****/modsec.conf ---
1
2 ===> SecRuleEngine Off <===
3
--- /usr/local/apache/conf/userdata/std/2/*****/modsec.conf ---


Rebuilding configuration without any local modifications.

Failed to generate a syntactically correct Apache configuration.
Bad configuration file located at /usr/local/apache/conf/httpd.conf.work.wPvoXzghPFaZWnuH
Error:
Configuration problem detected on line 2 of file /usr/local/apache/conf/userdata/std/2/*****/modsec.conf: Invalid command 'SecRuleEngine', perhaps misspelled or defined by a module not included in the server configuration

--- /usr/local/apache/conf/userdata/std/2/*****/modsec.conf ---
1
2 ===> SecRuleEngine Off <===
3
--- /usr/local/apache/conf/userdata/std/2/*****/modsec.conf ---



...Done"


also My server is running Apache version 2.2.26, PHP version 5.4.22.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: How do i disable modsecurity rulesets for specific domai

Unread post by scott »

What that probably means is that the mod_security module isnt loaded.

Rough guess here, but these config files:
/usr/local/apache/conf/userdata/std/2/*****/modsec.conf
are probably the ones you were looking for. Thats probably the cpanel equivalant of a vhost.conf
live-city
New Forum User
New Forum User
Posts: 4
Joined: Wed Jul 23, 2014 6:14 pm
Location: PA

Re: How do i disable modsecurity rulesets for specific domai

Unread post by live-city »

my web host recompiled my apache from 2.2.26 to 2.2.27.

i went back into mod sec. security control and im not anymore getting that weird configuration error.

perhaps now mod sec. control will work with my atomic ruleset now that im no longer getting weird apache configuration errors.
prupert
Forum Regular
Forum Regular
Posts: 573
Joined: Tue Aug 01, 2006 2:45 pm
Location: Netherlands

Re: How do i disable modsecurity rulesets for specific domai

Unread post by prupert »

Protip: wrap your module-specific directives inside an 'IfModule' so your configuration won't break if the module isn't loaded.
Lemonbit Internet Dedicated Server Management
Post Reply