Atomicorp

Hello i have the Atomic mod security ruleset installed on my Linux VPS server. I have CentOS 6.5 64 bit, and WHM/cpanel.

Does anyone know how to disable atomics mod security rulesets for specific domain names?

I had my web host recently update my atomic ruleset and now several scripts on my server do not work anymore and it just gives me a 404 not found error and their ruleset is the culprit. My web host does not know how to disable it for specific domain names.

I had to disable it completely on my server, while I am waiting to get feedback from Atomic on how to disable it on specific domains, but i was wondering if anyone here can give me any advice on that and give me some directions on how i can do that? I went over to atomics wiki but only found information on how to disable it with Plesk and not WHM.

thank you.

This page has examples on the syntax to disable rules by domain or url (or combination):

https://www.atomicorp.com/wiki/index.php/Mod_security

I believe the equivelent of a plesk vhost.conf on cpanel is documented in the cpanel httpd.conf at /usr/local/apache/conf/httpd.conf

thanks but i need to send my web host detailed step by step exact directions on how to disable it on a per domain basis for WHM/Cpanel.

I sent them that wiki and they said
"That page is actually written specifically for Plesk, not cPanel. Those instructions will not work on a cPanel server"

So after that. they said they can attempt to follow your instructions as long as they have step by step instructions from you, on how to do it for WHM/cpanel, so if you can please provide me with that, i would greatly appreciate it.

thank you.

They need to place the configuration inside the VirtualHost in the httpd configuration.

(It's kinda disturbing your host's sysadmin doesn't get that.)

unfortunately my web host just disabled mod. security completely so my PHP scrits can work. i also have config mod security control installed so i can easily disable mod security for specific domain names.

im logged into my knownhost server now, and in config mod sec. control, when disabling mod security for a specific domain and setting it to "off" im getting the following error. do you know what this is about? is this a problem with my apache configuration, a problem with config mod sec. control, or a problem with atomics mod sec. rules itself? i dont have this issue on any of my other 2 VPS servers i have on 2 other web hosts, which have the very same atomic rulesets. only knownhost. it's very strange.


"ModSecurity whitelist for ****: Off
Rebuilding and restarting Apache:
Initial configuration generation failed with the following message:

Configuration problem detected on line 2 of file /usr/local/apache/conf/userdata/std/2/*****/modsec.conf: Invalid command 'SecRuleEngine', perhaps misspelled or defined by a module not included in the server configuration

--- /usr/local/apache/conf/userdata/std/2/*****/modsec.conf ---
1
2 ===> SecRuleEngine Off <===
3
--- /usr/local/apache/conf/userdata/std/2/*****/modsec.conf ---


Rebuilding configuration without any local modifications.

Failed to generate a syntactically correct Apache configuration.
Bad configuration file located at /usr/local/apache/conf/httpd.conf.work.wPvoXzghPFaZWnuH
Error:
Configuration problem detected on line 2 of file /usr/local/apache/conf/userdata/std/2/*****/modsec.conf: Invalid command 'SecRuleEngine', perhaps misspelled or defined by a module not included in the server configuration

--- /usr/local/apache/conf/userdata/std/2/*****/modsec.conf ---
1
2 ===> SecRuleEngine Off <===
3
--- /usr/local/apache/conf/userdata/std/2/*****/modsec.conf ---



...Done"


also My server is running Apache version 2.2.26, PHP version 5.4.22.

What that probably means is that the mod_security module isnt loaded.

Rough guess here, but these config files:

/usr/local/apache/conf/userdata/std/2/*****/modsec.conf

are probably the ones you were looking for. Thats probably the cpanel equivalant of a vhost.conf

my web host recompiled my apache from 2.2.26 to 2.2.27.

i went back into mod sec. security control and im not anymore getting that weird configuration error.

perhaps now mod sec. control will work with my atomic ruleset now that im no longer getting weird apache configuration errors.

Protip: wrap your module-specific directives inside an 'IfModule' so your configuration won't break if the module isn't loaded.