Hello. Yesterday I was using ACP and today I cannot. In the last hour I've learned that I have ModSecurity on by default and it is blocking my access to ACP. I've learned that I might have ModSecurity 3 too on Apache.
With Mod Security disabled from cPanel, ACP works as it should. I've seen posts here on how to make changes, but it seems that those instructions are for version 2 and earlier. On top of that, those instructions are not far from Klingon to me. I understand this stuff to some degree.
In the ModSecurity window in cPanel, I can only turn the whole thing off/on.
So, where can I configure Mod Security, and how?
phpBB 3.3.8
Cpanel 110.024
Last edited by Mick on Sun Mar 03, 2024 11:25 am, edited 1 time in total.
Reason: Solved - server issue.
It isn't mod_security itself. It is the rule it is following.
I would think your server error log would tell you which rule is tripping, so you can turn it off.
For shared hosting you can usually turn mod_security off in the hosting control panel, but that fully turns it off. It should be a temp solution until the host can disable the problematic rule. It's possible to disable specific rules using .htaccess, but it has to be configured like that and I don't think many hosts have it configured that way.
If you are on a VPS or dedicated server you should have full access to disable any rule you want.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”
Contacted the host. He said that I have almost all the access that he has. He can't see anything else that I can see according to modsecurity. I have to turn it off for now.
Your host certainly should have access to turn off/change the rule set that mod security is using.
I suggest that you contact support again and ask for level two support. Most of the time the support person that answers the phone only knows how to go to the user guide, and if they can't find what you need there they usually just tell you it must be on your end.
If the "Host" does not have access to mod_security configuration then they aren't really a host. If I'm paying someone for shared hosting, the expectation is they can deal with things out of my control like mod_security rules.
The weirdest thing is, should I see mod security files somewhere? The etc folder has a folder with my account name, and that is empty. I cannot find an apache folder anywhere.
Same exact issue here!
Hosting support tried to push it on phpBB developers. After I mentioned the mod_security file entry being the possible cause, the tone changed.
He's hesitantly submitting the issue to the shared hosting team, with the warning that all the users on the node would be affected by any changes to the file.
Vauxi wrote: Sun Mar 03, 2024 5:54 am
The weirdest thing is, should I see mod security files somewhere? The etc folder has a folder with my account name, and that is empty. I cannot find an apache folder anywhere.
Apache is the web server software and mod_security is a module for Apache. Generally speaking unless you have root access to the server you won't have access to these files or configurations. Most hosting control panels only have the option to turn it on or off.
If anyone can provide the error which is usually in the php error log that would be helpful.
Seen on the technical support of the PlanetHoster host, with cPanel they could not act on mod_security so they offered users to switch from cPanel to NOC.
PlanetHoster wrote: There is a blockage at the Modsec level and unfortunately we cannot deactivate individual rules for a specific hosting.
This functionality is reserved for N0C servers.
Sorry for my English ... I do my best!
ssl wrote: Sun Mar 03, 2024 8:15 am
Seen on the technical support of the PlanetHoster host, with cPanel they could not act on mod_security so they offered users to switch from cPanel to NOC.
Above cPanel is the WHM panel, and it takes about 10 seconds to remove the rule. In addition to that, rules are scored, so it could be multiple rules, or if the scoring threshold was lowered it could trigger on minor issues. It's not that they can't change it, they probably don't want to.
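Added example, not part of any post in this thread: a script that reads Apache error-log lines and reports, per request, which rules fired and whether the request was blocked, following the points above that the error log names the tripping rule and that rules are scored. It assumes the bracketed-field layout ModSecurity writes to the Apache error log and OWASP CRS anomaly scoring, where rule 949110 enforces the threshold; the log lines, paths, addresses, hostnames and unique_ids are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout ModSecurity writes to the Apache error log.
# Paths, addresses, hostnames and unique_ids are placeholders, not values from the thread.
SAMPLE_LOG = r'''
[Sun Mar 03 05:40:11.120000 2024] [:error] [pid 4101] [client 192.0.2.10:50112] [client 192.0.2.10] ModSecurity: Warning. detected SQLi using libinjection. [file "/path/to/rules/REQUEST-942.conf"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "forum.example"] [uri "/adm/index.php"] [unique_id "AAA111"]
[Sun Mar 03 05:40:11.121000 2024] [:error] [pid 4101] [client 192.0.2.10:50112] [client 192.0.2.10] ModSecurity: Warning. detected XSS using libinjection. [file "/path/to/rules/REQUEST-941.conf"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "forum.example"] [uri "/adm/index.php"] [unique_id "AAA111"]
[Sun Mar 03 05:40:11.122000 2024] [:error] [pid 4101] [client 192.0.2.10:50112] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/path/to/rules/REQUEST-949.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [hostname "forum.example"] [uri "/adm/index.php"] [unique_id "AAA111"]
[Sun Mar 03 05:40:12.000000 2024] [php:notice] [pid 4101] [client 192.0.2.10:50112] PHP Notice: constructed unrelated entry
[Sun Mar 03 05:41:02.500000 2024] [:error] [pid 4102] [client 192.0.2.20:50200] [client 192.0.2.20] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [file "/path/to/rules/REQUEST-920.conf"] [id "920350"] [msg "Host header is a numeric IP address"] [severity "WARNING"] [hostname "192.0.2.1"] [uri "/index.php"] [unique_id "BBB222"]
'''

FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"] pairs
SCORE_RE = re.compile(r'Total Score: (\d+)')
BLOCK_RULE = "949110"  # CRS rule that enforces the inbound anomaly threshold

def summarize(log_text):
    """Group ModSecurity entries by request; keep the threshold rule apart from its causes."""
    requests = defaultdict(lambda: {"uri": None, "blocked": False, "score": None, "rules": []})
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue  # unrelated Apache/PHP entry
        fields = dict(FIELD_RE.findall(line))
        if "id" not in fields or "unique_id" not in fields:
            continue
        req = requests[fields["unique_id"]]
        req["uri"] = fields.get("uri")
        if "Access denied" in line:
            req["blocked"] = True
        if fields["id"] == BLOCK_RULE:
            m = SCORE_RE.search(fields.get("msg", ""))
            req["score"] = int(m.group(1)) if m else None
        else:
            # These are the rules a host would review, not 949110 itself.
            req["rules"].append((fields["id"], fields.get("msg", "")))
    return dict(requests)

if __name__ == "__main__":
    for uid, req in summarize(SAMPLE_LOG).items():
        state = "BLOCKED" if req["blocked"] else "logged only"
        print(f'{uid} {req["uri"]} {state} score={req["score"]}')
        for rule_id, msg in req["rules"]:
            print(f"    rule {rule_id}: {msg}")
```

The rule ids listed under a blocked request are the ones to give the host when asking for an exclusion; 949110 only reports that the combined score crossed the threshold.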