This is not the first time I have seen that disable domains are not working so I want to report it.
The server I’m on now is using your WHM plugin, Cloudlinux/cPanel/Litespeed 5.0.13 version.
Is this something you could check and fix in the next agent release?
I have replaced the actual domain with domain.co.za and the IP address with xx.xx.xx.xx. The file that you mentioned, does exist, and it appears in my list of blocked domains:
============
./cwaf-cli.pl -dl
list of disabled domains:
domain.co.za
This occurred while the user was posting a new campaign in his Email Marketing software using Sendy. We keep having to whitelist Comodo rules as they trigger due to some word or phrase that gets used in his campaign.
We reproduced this issue on our server and found that when virtual domain is managed by Apache domain exclude works,
but when we turned to LiteSpeed it doesn’t.
So we need to be consulted with cPanel or LiteSpeed support.
Would really appriciate a fix for this since there are so many false positives on LiteSpeed rules that we currently cannot use CWAF on LiteSpeed.
So therefore it would be great to be able to disable rules on domains from customers that are having issues.
I also recommend that you setup a LiteSpeed test server and fix all the false positives. Or if you need you can get access to one of my servers and fix them once and for all!
Logically all CWAF rules are fine and domain exclusion should work on LS, but due to LS’s internal limitations it doesn’t work. Currently we have no plans to fix LiteSpeed’s ModSecurity limited support. But “cWatch Web Application Security” should solve this issue, so watch for news.
OK. But those disable domain work if you add CWAF as vendor in WHM?
I think OWASP rules provided by cPanel does work with LS. So then your rules should too?