The Curious Website Designer

CentOS Web Panel - How To Disable a Mod Security Rule For A Single Domain

Posted by The Curious Website Designer | Posted on Sun 18 Feb 2018

I recently had cause to disable a mod_security rule for this website (it didn't like me trying to make reference to system files in my posts), so I researched it online and made the appropriate changes. However, I have subsequently discovered that it is fairly easy to do it from within the CentOS Web Panel.

Here's how to do it.

Step 1. Establish Which Rule Needs Whitelisting.

The problem became apparent when I tried to save an article which discussed editing the main SSH configuration file. Mod Security stepped in and prevented me from doing so in case it was an attack on a critical system file. This is the relevant line in the Apache log (see the article Troubleshooting Problems With Centos Web Panel for more information about finding the Apache log file):

[Sun Feb 18 11:33:19.079802 2018] [:error] [pid 9398:tid 139821804623616] [client 217.44.77.92:58470] [client 217.44.77.92] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/ssh/sshd_config" at ARGS:product_description[1][description]. [file "/usr/local/apache/modsecurity-cwaf/rules/09_Global_Other.conf"] [line "57"] [id "210580"] [rev "1"] [msg "COMODO WAF: OS File Access Attempt||ocmodz.co.uk|F|2"] [data "Matched Data: etc/ssh/sshd_config found within ARGS:product_description[1][description]:

You can see what happened (Access denied with code 403) and why (Matched phrase "etc/ssh/sshd_config"). The item of most interest, though, is the ID of the rule that triggered the forbidden response. In this case it is:

[id "210580"]

Because I want to be able to make references to system files on this domain, I am going to disable the rule. However, as I'm hosting other domains on this server, I only want to disable the rule for my domain and not any of the others.
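
Before scoping an exclusion, it helps to see which domains and request parameters a rule is actually firing on. The following is an added example, not part of the original post: it summarises ModSecurity "Access denied" entries from an Apache error log per hostname and rule ID. The sample lines are constructed, and the [hostname "..."] and [uri "..."] fields are assumed to be present as ModSecurity 2.x normally writes them (the line quoted above is cut off before them).

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the entry above. Client addresses are
# from documentation ranges; hostnames, URIs and pid/tid values are made up.
SAMPLE_LOG = r'''
[Sun Feb 18 11:33:19.079802 2018] [:error] [pid 9398:tid 1] [client 192.0.2.10:58470] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/ssh/sshd_config" at ARGS:product_description[1][description]. [file "/usr/local/apache/modsecurity-cwaf/rules/09_Global_Other.conf"] [line "57"] [id "210580"] [rev "1"] [msg "COMODO WAF: OS File Access Attempt"] [hostname "blog.example"] [uri "/admin/index.php"]
[Sun Feb 18 11:35:02.000000 2018] [:error] [pid 9398:tid 2] [client 192.0.2.10:58512] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:product_description[1][description]. [file "/usr/local/apache/modsecurity-cwaf/rules/09_Global_Other.conf"] [line "57"] [id "210580"] [rev "1"] [msg "COMODO WAF: OS File Access Attempt"] [hostname "blog.example"] [uri "/admin/index.php"]
[Sun Feb 18 11:40:44.000000 2018] [:error] [pid 9401:tid 3] [client 198.51.100.7:40022] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:q. [file "/usr/local/apache/modsecurity-cwaf/rules/09_Global_Other.conf"] [line "57"] [id "210580"] [rev "1"] [msg "COMODO WAF: OS File Access Attempt"] [hostname "shop.example"] [uri "/search.php"]
[Sun Feb 18 11:41:00.000000 2018] [:error] [pid 9401:tid 3] [client 198.51.100.7:40030] AH01630: client denied by server configuration: /home/user/public_html/.git
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"] pairs
TARGET = re.compile(r' at (\S+)\. \[file ')           # variable that matched

def parse_line(line):
    """Return the fields of a ModSecurity 'Access denied' entry, else None."""
    if "ModSecurity: Access denied" not in line:
        return None
    entry = dict(FIELD.findall(line))
    m = TARGET.search(line)
    entry["target"] = m.group(1) if m else None
    return entry if "id" in entry else None

def blocks_by_host(log_text):
    """Map hostname -> rule id -> count, msg, matched targets and URIs."""
    out = defaultdict(dict)
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue  # not a ModSecurity block (e.g. plain Apache denial)
        rule = out[e.get("hostname", "?")].setdefault(
            e["id"], {"count": 0, "msg": e.get("msg"), "targets": set(), "uris": set()})
        rule["count"] += 1
        rule["targets"].add(e["target"])
        rule["uris"].add(e.get("uri"))
    return out

if __name__ == "__main__":
    for host, rules in blocks_by_host(SAMPLE_LOG).items():
        for rid, r in rules.items():
            print(host, rid, r["count"], r["msg"],
                  sorted(map(str, r["targets"])), sorted(map(str, r["uris"])))
```

In the constructed sample, the same rule fires on a second domain against a different parameter, and only a per-domain exclusion leaves that block in place.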

 

Step 2. Create or Edit the ModSecurity Configuration File For The Specific Domain

To edit the domain specific ModSecurity configuration file, click on Security > Mod Security from the admin dropdown menu.

Admin Dropdown Menu

 

Then, scroll down the page until you find the section to 'Modify User Whitelist'. Select your domain and click the button. 

This confused me initially, because it brings you back to the ModSecurity page. However, at the top of the page, it provides the Domain and SubDomain list for the account. Click the link for the domain or subdomain you require and this will open a new or existing file for editing.

To whitelist the rule, add the following on a new line:

  SecRuleRemoveById 210580

Save the file.

 

Step 3. Update The vHosts File.

From the CentOS Web Panel admin menu, click on Apache Settings > Edit Apache vHosts and find the section for your domain ('thecuriouswebsitedesigner.co.uk' in this case).

Find the line:

  # Include /usr/local/apache/conf/userdata/account/thecuriouswebsitedesigner.co.uk/*.conf

and remove the # from the beginning of the line.

Save the file and restart Apache.