cPanel Request body no files data length is larger than the configured limit

ModSecurity

On a WordPress website hosted on a cPanel server, when editing a page, I get a 404 error. On checking the ModSecurity logs, I found the following:
Message: Request body no files data length is larger than the configured limit (1048576).
Message: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/serverok-session": Permission denied
Apache-Error: [file "apache2_util.c"] [line 277] [level 3] [client … Read more

Nginx ModSecurity Not able to open file

On an Nginx server, after updating Nginx and ModSecurity, I got the following error:
[root@localhost ~]# nginx -t
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/modsecurity.conf. Line: 275. Column: 51. "/etc/nginx/coreruleset-3.3.2/rules/*.conf": Not able to open file. Looking at: '"/etc/nginx/coreruleset-3.3.2/rules/*.conf"', '"/etc/nginx/coreruleset-3.3.2/rules/*.conf"', '/etc/nginx/"/etc/nginx/coreruleset-3.3.2/rules/*.conf"', '/etc/nginx/"/etc/nginx/coreruleset-3.3.2/rules/*.conf"'. in /etc/nginx/conf.d/default.conf:5
nginx: configuration file /etc/nginx/nginx.conf test failed
[root@localhost ~]#
To fix the … Read more

Enable ModSecurity in cPanel Server

Log in to WHM. Go to ModSecurity™ Vendors. By default, cPanel comes with the “OWASP ModSecurity Core Rule Set V3.0” rule set. To enable it, click the “+ install” link on the right side. To add a third-party rule set, click the “Add Vendor” button. To install the Comodo WAF rules, enter https://waf.comodo.com/doc/meta_comodo_apache.yaml and click “Load”; you will see some info … Read more

Disable ModSecurity for a specific URL

On a website that is protected with ModSecurity, when an admin edits HTML pages in the admin area, ModSecurity falsely detects it as an XSS attack. What we can do is disable the specific rules that create this false positive. But in this case, it is because HTML is submitted. This application normally doesn't need HTML submitted on … Read more

Install ModSecurity on Ubuntu/Debian

To install ModSecurity on Debian/Ubuntu Apache web server, run Enable mod security and restart Apache web server Verify mod_security installed with You will see something like To activate ModSecurity rules, run Edit set Restart Apache Verify mod security is working with command You should see a “403 Forbidden” error. Here is another test URL, which should … Read more