Global Mod Security Rule Disable

dotcomUNDERGROUND

Dashboard > ModSecurity > Modify global configuration section says "Disabled rules: A list of web application firewall rules that are not used when processing requests for this hostname."

How can I disable some rules for all domains (current and new)?

I see almost all client domains are triggering false positive mod security rules for webmail.domain.com or domain.com/webmail access. So I need to disable those rules globally.
 
Good question. I did whitelist a couple of rules, but for a certain customer the rules were still triggered, although I could not reproduce it myself in Roundcube. After disabling the rules on the customer's domain, the problems disappeared.

In general I think it is a pity that these rulesets are breaking normal DA functions like phpMyAdmin and Roundcube. It would be nice if DA provided a custom Ruleset for the software, DA basic functions proof.
 
That's a great suggestion, and I'm sure if you contacted them they would consider it. Something like that would be a proper positive!

All I'll say here is, being the devil's advocate, how far would you want the guys to test? What software would you want tested? What extras would you want testing? Only reason I say this is if you have something like Softaculous, or Installatron on your server, and your customers go wild with the abundance of scripts there, I'll bet your bottom dollar a few of those software packages would trigger ModSecurity and give you a support ticket headache.

Just out of curiosity, are you using the OWASP ruleset or the COMODO? COMODO is a bit more forgiving, I've found. OWASP can be brutal, but it's only doing as it's told.
 