Author Topic: mod_security Config  (Read 24651 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
mod_security Config
« on: January 21, 2015, 05:22:16 AM »
Hello,

CWP very strick rule with mod_security, for newbie : can anyone suggest for mod_security configuration to run cms like wordpress,osticket etc.., with .htaccess

----
Main Configuration --> /usr/local/apache/conf.d/mod_security.conf
OWASP Configuration --> /usr/local/apache/modsecurity-crs/modsecurity_crs_10_config.conf
Disabled Rules --> /usr/local/apache/conf/mod_sec_disabled_rules.conf

sorry for my bad english :(

Offline
*
Re: mod_security Config
« Reply #1 on: April 14, 2015, 01:54:04 AM »
I find lots of problems with Mod_security with CWP Centos Web Panel after installing .
 I see after installing wordpress  there are lots of white pages or error 500
Quote
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at uremail@email.com to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

and even many wordpress plugins and themes stop working the site.

following are some common rules you can find at your CENT WEB Panel in  mod_security Config page   /index.php?module=mod_security

I find some of them and anyone can put to in this file and disable it 
/usr/local/apache/conf/mod_sec_disabled_rules.conf
or in easy way put ur ip in 192.168.1.1 here : https://192.168.1.1:2031/index.php?module=file_editor&file=/usr/local/apache/conf/mod_sec_disabled_rules.conf

with other rules put these rules for WordPress

Quote
## SELF RULES WODPRESS ##
SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950103
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958018
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 960000
SecRuleRemoveById 960006
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973305
SecRuleRemoveById 973306
SecRuleRemoveById 973308
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973337
SecRuleRemoveById 973344
SecRuleRemoveById 973346
SecRuleRemoveById 973347
SecRuleRemoveById 981001
SecRuleRemoveById 981004
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById 981320
SecRuleRemoveById 959070

 updated 26/01/2016
Still I am a learner. and all about website and VPS I learn from Google.
« Last Edit: January 26, 2016, 12:01:18 PM by iqbalthakur »
THAKUR

Offline
*
Re: mod_security Config
« Reply #2 on: April 16, 2015, 12:07:33 PM »
Thanks a lot. Really helped me getting my Wordpress website up again.

Offline
*
Re: mod_security Config
« Reply #3 on: October 11, 2016, 05:53:43 PM »
I find lots of problems with Mod_security with CWP Centos Web Panel after installing .
 I see after installing wordpress  there are lots of white pages or error 500
Quote
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at uremail@email.com to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

and even many wordpress plugins and themes stop working the site.

following are some common rules you can find at your CENT WEB Panel in  mod_security Config page   /index.php?module=mod_security

I find some of them and anyone can put to in this file and disable it 
/usr/local/apache/conf/mod_sec_disabled_rules.conf
or in easy way put ur ip in 192.168.1.1 here : https://192.168.1.1:2031/index.php?module=file_editor&file=/usr/local/apache/conf/mod_sec_disabled_rules.conf

with other rules put these rules for WordPress

Quote
## Rules for the CWP ##
SecRuleRemoveById 960017
SecRuleRemoveById 960015
SecRuleRemoveById 960009
########################################
## Removed Rules for Joomla, WordPress and Drupal CMSs ##
########################################
## Joomla ##
SecRuleRemoveById 960024
SecRuleRemoveById 950120
SecRuleRemoveById 981173
SecRuleRemoveById 950901
SecRuleRemoveById 981257
SecRuleRemoveById 981245
SecRuleRemoveById 973338
SecRuleRemoveById 973300
SecRuleRemoveById 973304
SecRuleRemoveById 973333
SecRuleRemoveById 973333
## Wordpress ##
SecRuleRemoveById 981242
SecRuleRemoveById 981246
SecRuleRemoveById 981243
SecRuleRemoveById 959073
SecRuleRemoveById 958030
## Drupal ##
SecRuleRemoveById 981231
## Removed rules for the webftp_simple ##
SecRuleRemoveById 950922
SecRuleRemoveById 981000
SecRuleRemoveById 950109
## phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 970901
## SELF RULES WODPRESS ##
SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950103
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958018
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 960000
SecRuleRemoveById 960006
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973305
SecRuleRemoveById 973306
SecRuleRemoveById 973308
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973337
SecRuleRemoveById 973344
SecRuleRemoveById 973346
SecRuleRemoveById 973347
SecRuleRemoveById 981001
SecRuleRemoveById 981004
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById 981320
SecRuleRemoveById 959070
SecRuleRemoveById 970009
SecRuleRemoveById 981251
SecRuleRemoveById 981247
SecRuleRemoveById 970016
SecRuleRemoveById 973321
SecRuleRemoveById 960020
SecRuleRemoveById 959072
SecRuleRemoveById 950007
SecRuleRemoveById 973315

 restart Apache Webserver[/q][/font][/color] updated 11/10/2016
« Last Edit: October 11, 2016, 05:55:57 PM by iqbalthakur »
THAKUR

Offline
*
Re: mod_security Config
« Reply #4 on: October 11, 2016, 06:04:31 PM »
Hello,

CWP very strick rule with mod_security, for newbie : can anyone suggest for mod_security configuration to run cms like wordpress,osticket etc.., with .htaccess

----
Main Configuration --> /usr/local/apache/conf.d/mod_security.conf
OWASP Configuration --> /usr/local/apache/modsecurity-crs/modsecurity_crs_10_config.conf
Disabled Rules --> /usr/local/apache/conf/mod_sec_disabled_rules.conf



you can see the log like


here sample ip is 192.168.1.1 its ur server ip [Tue Oct 11 19:25:02 2016] [error] [client 192.168.1.1] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "192.168.1.1"] [uri "/webdav/"] [unique_id "V-zvNn8AAAEAADb8boYAAAAJ"]

in above see and find id "960032"
and go in /usr/local/apache/conf/mod_sec_disabled_rules.conf
and  ur find id code 960032
to save like
SecRuleRemoveById 960032
and restart ur
Apache Webserver
and done .but see first when uploading or when you run plugin and its error like white page or error page then log as same above error in ur mod_sec
THAKUR