Recent Posts

Pages: 1 [2] 3 4 ... 10
11
Look in the logs, and it will show you what rule blocked it.

In you global_disabled_rules.conf, you should have these:

Code: [Select]
## Removed rules for CWP ##
SecRuleRemoveById 960017
SecRuleRemoveById 960015
SecRuleRemoveById 960009
#######################################################
## Removed Rules for WordPress and phpMyAdmin ##
#######################################################
## Removed rules for Wordpress ##
SecRuleRemoveById 981242
SecRuleRemoveById 981246
SecRuleRemoveById 981243
SecRuleRemoveById 959073
SecRuleRemoveById 958030
# Needed for WordPress Cloudflare Plugin
SecRuleRemoveById 911100
## Removed rules for webftp_simple ##
SecRuleRemoveById 950922
SecRuleRemoveById 981000
SecRuleRemoveById 950109
## Removed rules for phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 970901
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 981318
SecRuleRemoveById 981320
SecRuleRemoveById 981240
12
Hi,

Does WordPress or WooCommerce, the latest versions, have a conflict with the OWASP CRS v4.16.0 rules?

Do I need to set additional rules in the global_disabled_rules.conf file?

thanks in advance!

BR
Venty
...I return OWASP CRS version 4.15.0, everything works - WordPress etc., I return OWASP CRS version 4.16.0 - error 403...
13
Suggestions / Re: SSH Key generation for domain users
« Last post by ylaya88 on July 14, 2025, 12:10:49 PM »
Please, Sir overseer, I suggest you review this request. Please understand that not all of our customers are Linux-skilled individuals, so the goal is to provide them with the most intuitive tools to resolve their issues without the need for Help Desk interventions
14
Suggestions / Simple editor to Master php.ini
« Last post by ylaya88 on July 14, 2025, 12:03:33 PM »
Hello Team,
I request a new feature for the CWP panel. I would like to request the addition of a .conf editor that provides access to the PHP-FPM pool configuration files, specifically those located at /opt/alt/php-fpm8x/usr/etc/php-fpm.d/users/(cwp-username).conf.

My goal with this feature is to enable PHP extensions on a per-user account basis, similar to how cPanel's PHP Selector functions. I believe this would be a very good security measure to limit access to PHP extensions, allowing individual users to enable only the specific extensions that they genuinely need for their applications.
Yhanks ;D
15
E-Mail / Re: Postfix, SpamAssassin, or something else
« Last post by Thorth on July 14, 2025, 12:02:24 PM »
well how i can report them  :-\ looking around for the form, or smt but nothing, since i'm still getting those msgs.

also thinking seriously to ban all their IP, domains, etc
16
Information / Re: Past Due Changelogs
« Last post by mason64 on July 14, 2025, 11:26:39 AM »
I am loving cwp at the moment its a great product and i hope alot more people use it rather than the rip of costs of cPanel and Plesk.

Hopefully the dev's will bring some more updates out soon. i am looking forward to a updated version of the backup system.

keep up the great work and Thank you!
17
just checked it, fixed. can someone also please validate the same.
I checked on my server. IT fixed on version 1207
18
Mod_Security / WordPress or WooCommerce, have a conflict with the OWASP CRS v4.16.0
« Last post by venty on July 14, 2025, 09:51:02 AM »
Hi,

Does WordPress or WooCommerce, the latest versions, have a conflict with the OWASP CRS v4.16.0 rules?

Do I need to set additional rules in the global_disabled_rules.conf file?

thanks in advance!

BR
Venty
19
Mod_Security / Re: OWASP CRS v4.15.0 Just Release
« Last post by venty on July 14, 2025, 09:19:21 AM »
Hi,

Many thanks to Starburst...., but should I merge the two in the rbl.conf file
https://prnt.sc/9Tp9vbYKVfdk

BR
Venty
20
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« Last post by venty on July 14, 2025, 08:49:24 AM »
i switched back to OWASP latest rules but they are not blocking malicious attempts . i can see in logs its detecting but attempt is not blocked  :-[

on the other hand comodo waf rules keeps blocking everything  :-\ before last update everything was fine and comodo waf rules were the best

Change these lines in csf.conf

Code: [Select]
MODSEC = "2"
Code: [Select]
MODSEC_LOG = "/usr/local/apache/logs/error_log /usr/local/apache/domlogs/*rror.log"Yes, there is a space between those 2 paths, it's kinda hard to see.

Hi,

In my file csf.conf this line "MODSECi" s missing:

Code: [Select]
MODSEC = "2" 

What should I do, what does it do and how is this value 2 determined?

BR
Venty
Pages: 1 [2] 3 4 ... 10