Whitelist Config:
<LocationMatch .*>
SecRuleRemoveById 210700
<DirectoryMatch ‘^/remote.php/webdav/’>
SecRuleEngine Off
Modesec2 config:
LoadFile /opt/xml2/lib/libxml2.so
LoadFile /opt/lua/lib/liblua.so
LoadModule security2_module modules/mod_security2.so
SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 0
SecRequestBodyAccess On
SecDataDir /tmp
SecTmpDir /tmp
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
Include “/var/cpanel/cwaf/etc/cwaf.conf”
Include “/usr/local/apache/conf/modsec2.user.conf”
Include “/usr/local/apache/conf/modsec2.whitelist.conf”
Still getting errors on the log about this rule, that should be disabled:
xpto.ptws.net xxx.xxx.xxx.xxx 210700 [30/May/2014:13:02:28 +0100]
Match of “within %{tx.allowed_methods}” against “REQUEST_METHOD” required. [file “/var/cpanel/cwaf/rules/cwaf_01.conf”] [line “408”] [id “210700”] [msg “COMODO WAF: Method is not allowed by policy”] [data “PROPFIND”] [severity “CRITICAL”]
xpto.ptws.net 1xxx.xxx.xxx.xxx 210700 [30/May/2014:13:02:23 +0100]
Match of “within %{tx.allowed_methods}” against “REQUEST_METHOD” required. [file “/var/cpanel/cwaf/rules/cwaf_01.conf”] [line “408”] [id “210700”] [msg “COMODO WAF: Method is not allowed by policy”] [data “PROPFIND”] [severity “CRITICAL”]
xpto.ptws.net xxx.xxx.xxx.xxx 210700 [30/May/2014:13:02:18 +0100]
Match of “within %{tx.allowed_methods}” against “REQUEST_METHOD” required. [file “/var/cpanel/cwaf/rules/cwaf_01.conf”] [line “408”] [id “210700”] [msg “COMODO WAF: Method is not allowed by policy”] [data “PROPFIND”] [severity “CRITICAL”]
xpto.ptws.net xxx.xxx.xxx.xxx 210700 [30/May/2014:13:02:13 +0100]
Match of “within %{tx.allowed_methods}” against “REQUEST_METHOD” required. [file “/var/cpanel/cwaf/rules/cwaf_01.conf”] [line “408”] [id “210700”] [msg “COMODO WAF: Method is not allowed by policy”] [data “PROPFIND”] [severity “CRITICAL”]
xpto.ptws.net xxx.xxx.xxx.xxx 210700 [30/May/2014:13:02:07 +0100]
Match of “within %{tx.allowed_methods}” against “REQUEST_METHOD” required. [file “/var/cpanel/cwaf/rules/cwaf_01.conf”] [line “408”] [id “210700”] [msg “COMODO WAF: Method is not allowed by policy”] [data “PROPFIND”] [severity “CRITICAL”]
We need help to solve this issue!!!
Regards