Is there any way to allow customer disable ModSecurity rules directly?

These forums are not for questions about ModSecurity, just the cmc script itself
Post Reply
geekytone
Junior Member
Posts: 13
Joined: 04 Aug 2020, 13:58

Is there any way to allow customer disable ModSecurity rules directly?

Post by geekytone »

Hello,

Is there any way to allow customer disable ModSecurity rules directly? Because at this time, I have to manage all tickets related to ModSecurity one by one and setup them in the CMC at the WHM side.
jcx
Junior Member
Posts: 7
Joined: 18 Oct 2019, 00:23

Re: Is there any way to allow customer disable ModSecurity rules directly?

Post by jcx »

I was wondering the same thing too. I love CMC, but it would be nice if you could allow an end-user (A cPanel user) to be able to control which rules are enabled or disabled, without having to file a support ticket each time. Similar to how it works with MSFE?

I think what would be awesome is to be able to specify which rules can be controlled by an end user for compatibility. I know cPanel has a 'Mod Security' module which you can enable, but I find that if people experience problems with mod security, they are likely to just completely disable it for a domain, rather than whitelist the rules that are causing compatibility issues with whatever software they are using. So not only do you lose the additional protection offered against vulnerabilities in unpatched software, but also disable the quite useful features too like brute-force protection.

Of course, if it doesn't make sense to an end user, they are still quite free to open a support ticket, just some people are 'advanced users' so already know how to fix it.

Just an idea? :)

Kind regards,
Jessica
Post Reply