ModSecurity Rules + Whm/Cpanel
Posted: Wed Jan 06, 2016 2:10 pm
Hello guys,
We have problems setting up modsec rules on Whm/Cpanel.
We Followed all instructions on your Wiki:
ModSecurity were already installed.
mkdir and chowned and chmodded
modified also /usr/local/apache/conf/modsec2.user.conf as per your Wiki request ( can also be modified inside default cpanel modsecurity > tool > edit rules ).
Deleted OWASP and COMODO , deploy and restart apache... BUT...
but in cpanel rules list is empty and if i try http://domain.com/index.php?foo=http://blah.com -- modsec seems to be logging on audit folder but cpanel>modsec>tools>hitslist is empty and the request is not been blocked no 403...
We have problems setting up modsec rules on Whm/Cpanel.
We Followed all instructions on your Wiki:
ModSecurity were already installed.
mkdir and chowned and chmodded
modified also /usr/local/apache/conf/modsec2.user.conf as per your Wiki request ( can also be modified inside default cpanel modsecurity > tool > edit rules ).
Deleted OWASP and COMODO , deploy and restart apache... BUT...
but in cpanel rules list is empty and if i try http://domain.com/index.php?foo=http://blah.com -- modsec seems to be logging on audit folder but cpanel>modsec>tools>hitslist is empty and the request is not been blocked no 403...