Control Web Panel
Security => Mod_Security => Topic started by: qheart on January 21, 2015, 05:22:16 AM
-
Hello,
CWP has very strict rules with mod_security. For a newbie: can anyone suggest a mod_security configuration to run a CMS like WordPress, osTicket, etc., with .htaccess?
----
Main Configuration --> /usr/local/apache/conf.d/mod_security.conf
OWASP Configuration --> /usr/local/apache/modsecurity-crs/modsecurity_crs_10_config.conf
Disabled Rules --> /usr/local/apache/conf/mod_sec_disabled_rules.conf
-
I find lots of problems with Mod_security with CWP (CentOS Web Panel) after installing it.
After installing WordPress I see lots of white pages or error 500:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at uremail@email.com to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
and many WordPress plugins and themes even stop the site from working.
The following are some common rules you can find in your CentOS Web Panel on the mod_security config page, /index.php?module=mod_security
I found some of them, and anyone can put them in this file to disable them:
/usr/local/apache/conf/mod_sec_disabled_rules.conf
or, the easy way, put your IP in place of 192.168.1.1 here: https://192.168.1.1:2031/index.php?module=file_editor&file=/usr/local/apache/conf/mod_sec_disabled_rules.conf
Along with the other rules, put these rules for WordPress:
## SELF RULES WORDPRESS ##
SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950103
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958018
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 960000
SecRuleRemoveById 960006
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973305
SecRuleRemoveById 973306
SecRuleRemoveById 973308
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973337
SecRuleRemoveById 973344
SecRuleRemoveById 973346
SecRuleRemoveById 973347
SecRuleRemoveById 981001
SecRuleRemoveById 981004
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById 981320
SecRuleRemoveById 959070
updated 26/01/2016
I am still a learner, and everything about websites and VPS I learn from Google.
-
Thanks a lot. Really helped me get my WordPress website up again.
-
I find lots of problems with Mod_security with CWP (CentOS Web Panel) after installing it.
After installing WordPress I see lots of white pages or error 500:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at uremail@email.com to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
and many WordPress plugins and themes even stop the site from working.
The following are some common rules you can find in your CentOS Web Panel on the mod_security config page, /index.php?module=mod_security
I found some of them, and anyone can put them in this file to disable them:
/usr/local/apache/conf/mod_sec_disabled_rules.conf
or, the easy way, put your IP in place of 192.168.1.1 here: https://192.168.1.1:2031/index.php?module=file_editor&file=/usr/local/apache/conf/mod_sec_disabled_rules.conf
Along with the other rules, put these rules for WordPress:
## Rules for the CWP ##
SecRuleRemoveById 960017
SecRuleRemoveById 960015
SecRuleRemoveById 960009
########################################
## Removed Rules for Joomla, WordPress and Drupal CMSs ##
########################################
## Joomla ##
SecRuleRemoveById 960024
SecRuleRemoveById 950120
SecRuleRemoveById 981173
SecRuleRemoveById 950901
SecRuleRemoveById 981257
SecRuleRemoveById 981245
SecRuleRemoveById 973338
SecRuleRemoveById 973300
SecRuleRemoveById 973304
SecRuleRemoveById 973333
SecRuleRemoveById 973333
## Wordpress ##
SecRuleRemoveById 981242
SecRuleRemoveById 981246
SecRuleRemoveById 981243
SecRuleRemoveById 959073
SecRuleRemoveById 958030
## Drupal ##
SecRuleRemoveById 981231
## Removed rules for the webftp_simple ##
SecRuleRemoveById 950922
SecRuleRemoveById 981000
SecRuleRemoveById 950109
## phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 970901
## SELF RULES WORDPRESS ##
SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950103
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958018
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 960000
SecRuleRemoveById 960006
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973305
SecRuleRemoveById 973306
SecRuleRemoveById 973308
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973337
SecRuleRemoveById 973344
SecRuleRemoveById 973346
SecRuleRemoveById 973347
SecRuleRemoveById 981001
SecRuleRemoveById 981004
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById 981320
SecRuleRemoveById 959070
SecRuleRemoveById 970009
SecRuleRemoveById 981251
SecRuleRemoveById 981247
SecRuleRemoveById 970016
SecRuleRemoveById 973321
SecRuleRemoveById 960020
SecRuleRemoveById 959072
SecRuleRemoveById 950007
SecRuleRemoveById 973315
Restart Apache Webserver
updated 11/10/2016
-
Hello,
CWP has very strict rules with mod_security. For a newbie: can anyone suggest a mod_security configuration to run a CMS like WordPress, osTicket, etc., with .htaccess?
----
Main Configuration --> /usr/local/apache/conf.d/mod_security.conf
OWASP Configuration --> /usr/local/apache/modsecurity-crs/modsecurity_crs_10_config.conf
Disabled Rules --> /usr/local/apache/conf/mod_sec_disabled_rules.conf
You can see the log like this (here the sample IP is 192.168.1.1; it is your server IP):
[Tue Oct 11 19:25:02 2016] [error] [client 192.168.1.1] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "192.168.1.1"] [uri "/webdav/"] [unique_id "V-zvNn8AAAEAADb8boYAAAAJ"]
In the above, look for and find id "960032",
then go into /usr/local/apache/conf/mod_sec_disabled_rules.conf
and save the id code you found, 960032, like this:
SecRuleRemoveById 960032
Then restart your Apache Webserver, and you are done.
But first look: when you upload something or run a plugin and get an error like a white page or an error page, check the log for an error like the one above from your mod_sec.
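The log-reading step described in the last post, as an added example that is not part of the original thread: a small Python parser that pulls the `[key "value"]` fields out of ModSecurity entries in the Apache error log and groups hits per rule id, together with the URI and matched data, so each rule can be reviewed before it is added to the disabled-rules file. The function names, the second and third sample log lines and the placeholder rule id `0000001` are assumptions made for the illustration.

```python
import re
# Constructed input. Line 1 is the entry quoted in the post; line 2 is made up in the same
# format (placeholder id, file and message); line 3 is a non-ModSecurity error to be ignored.
SAMPLE_LOG = r'''[Tue Oct 11 19:25:02 2016] [error] [client 192.168.1.1] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "192.168.1.1"] [uri "/webdav/"] [unique_id "V-zvNn8AAAEAADb8boYAAAAJ"]
[Tue Oct 11 19:26:10 2016] [error] [client 192.168.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "x" at ARGS:content. [file "/usr/local/apache/modsecurity-crs/base_rules/placeholder.conf"] [line "1"] [id "0000001"] [msg "Constructed sample rule"] [data "say \"hi\""] [hostname "192.168.1.1"] [uri "/wp-admin/post.php"] [unique_id "CONSTRUCTED-0001"]
[Tue Oct 11 19:27:00 2016] [error] [client 192.168.1.1] File does not exist: /usr/local/apache/htdocs/favicon.ico'''
SAMPLE_DISABLED = '''## Rules for the CWP ##
SecRuleRemoveById 960017
SecRuleRemoveById 960015 960009
'''
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"], tolerates \"

def parse_line(line):
    """Return {key: [values]} for a ModSecurity entry, else None."""
    if "ModSecurity:" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, []).append(value)  # 'tag' can repeat
    return fields if "id" in fields else None

def disabled_ids(conf_text):
    """Rule ids already named on SecRuleRemoveById lines."""
    ids = set()
    for line in conf_text.splitlines():
        m = re.match(r'\s*SecRuleRemoveById\s+(.+)', line)
        if m:
            ids.update(tok.strip('"') for tok in m.group(1).split())
    return ids

def summarize(log_text, conf_text=""):
    """Per rule id: message, hit count, URIs and matched data, for review."""
    already, report = disabled_ids(conf_text), {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        rid = f["id"][0]
        r = report.setdefault(rid, {"msg": f.get("msg", [""])[0], "hits": 0, "uris": set(),
                                    "data": set(), "disabled": rid in already})
        r["hits"] += 1
        r["uris"].update(f.get("uri", []))
        r["data"].update(f.get("data", []))
    return report

if __name__ == "__main__":
    for rid, r in sorted(summarize(SAMPLE_LOG, SAMPLE_DISABLED).items()):
        print(rid, r["hits"], r["msg"], sorted(r["uris"]), sorted(r["data"]), r["disabled"])
```

For the log line from the post, the summary shows rule 960032 firing on a `PROPFIND` request to `/webdav/`; the method and URI are the context to read before deciding a block was a false positive. A `SecRuleRemoveById` line placed outside any container removes the rule everywhere that configuration applies.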