CWAF CPanel Plugin Latest 1.6 - Error

When i turn off GLOBALLY one rule, it doesn’t work, modsecurity continues blocking with that rule.

I’ve GLOBALLY turned off 210700, restarted apache, nothing happens, it still blocks with that rule like if the rule is ON.

What should i do, remove it from the .conf file??

As option you can delete that rule at this moment. It will be removed with next update.


THank you.

This happens on all rules that i want to remove globally or on vhosts.
Will the next update fix that?

Hi xanubi

Can you please run this test for us?

Turn off rule 211580 globally and try to send this test request in browser:

Where YOUR.SITE.COM is address of your site.

If CWAF works correctly you shouldn’t get 403 Forbidden error message.
Thanks in advance.

Hi Oleg,

With that rule, it worked, after turned off, the url you gave (with my site) didnd’t block (no 403).

But that doesn’t happen with some other rules, i repeat the text for 210700 and it continues to block, and 210700 is turned off globally.

Hi xanubi

It possible this is not 210700 blocking… To know for sure check Apache error/audit logs.

Hi already checked before posting.

The only way, was removing that rule from the .conf file.

Hi Everyone

I’ve just recently found out about the CWAF plugin or cpanel. I’ve registered at the forum because I had a very relevant question to ask about the plugin. I may have posted it in the wrong section - but it was in the forum relating to the plugin but a little while later after posting my question, I returned to the forum to see if there perhaps was an answer and now cannot find any record of my post anywhere, leaving me to think it has been deleted. I just wonder why!

I initialised the install process using # bash and received a warning that the plugin had not been tested with Mod Security version 2.8.0 - surely this would be a concern for anyone and reason enough to want to find out if anyone else has perhaps installed with on CentOS 6.5 86_64 with Mod Security 2.8.0 installed via Easy Apache. Cpanel version 11.42.1 (build 16).

Does anyone perhaps know if this plugin works successfully with Mod Security 2.8.0 ?

It works very fine. You can install without any worry

We have tested modsecurity 2.8.0 and have not found any critical errors. So modsecurity 2.8.0 can be used with our rules.

Ah Thank You for the reply - I’m still new at this and have set up new vps, I dont at this point want to break anything :slight_smile: