Cpanel Disable mod_security2 for a single domain

No Comments

Mod_security is an open source Apache module.

This can be considered as firewall for web applications. It secures the system from the attackers.

The following steps can be used to disable mod_security2 rule for one domain in cPanel servers.

1. Make the directory “/usr/local/apache/conf/userdata/std/2/username/domain.com

2. Create a file “vhost.conf” in the above location

3. Add the following lines :

———-

<IfModule mod_security2.c>

SecRuleEngine Off

</IfModule>

———-

To disable mod_security2 for a particular location :

———

<LocationMatch specify_the_path_here>

<IfModule mod_security2.c>

SecRuleEngine Off

</IfModule>

</LocationMatch>

———

To disable a particular mod_security2 rule :

———

<IfModule mod_security2.c>

SecRuleRemoveById give_ruleID_here

</IfModule>

———

Run the following script after making the changes.

———

/scripts/ensure_vhost_includes --user=username

———

This script will uncomment the following line in apache configuration and restart apache.

———–

Include “/usr/local/apache/conf/userdata/std/2/username/domain.com/*.conf”

.htaccess file to block IP’s coming from Nginx reverse proxy

No Comments

If you have a Nginx reverse proxy in front of your Apache webserver the .htaccess format is:

# ALLOW USER BY IP
order deny,allow
SetEnvIF X-Forwarded-For "1.2.3.4" DenyIP
SetEnvIF X-Forwarded-For "10." DenyIP
Deny from env=DenyIP
 

You must use X-Forward or it will not work unless the reverse proxy is setup in a certain way. As you can see, just update the IP’s you want blacklisted and they will be blocked. Yes, you can do the same thing with a firewall, but webmasters don’t have control of those.

Why?
The reason I did this recently is because of a Nginx + cPanel server setup running shared hosting. When a domain gets caught spamming due to insecure scripts or it’s getting hammered by an exploit, it is best to suspend the domain. Yes, but then when the client wants to work on it, they can’t.

How to enable second-level quota on openvz VPS – Tutorial for SolusVM

No Comments

if you have cpanel installed in a vps and quota is not working then this solution is for you:

1. shutdown vps

2. run: vzctl set <veid> –quotaugidlimit 500 –save

(500 is number of users/groups that will be accounted. i think 500 is enough for most users)

3. start vps

now in ssh console run

/scripts/fixquotas

that’s all.

 

Older Entries