Is there any way to allow customer disable ModSecurity rules directly?

These forums are not for questions about ModSecurity, just the cmc script itself
Post Reply
geekytone
Junior Member
Posts: 24
Joined: 04 Aug 2020, 13:58

Is there any way to allow customer disable ModSecurity rules directly?

Post by geekytone »

Hello,

Is there any way to allow customer disable ModSecurity rules directly? Because at this time, I have to manage all tickets related to ModSecurity one by one and setup them in the CMC at the WHM side.
jcx
Junior Member
Posts: 7
Joined: 18 Oct 2019, 00:23

Re: Is there any way to allow customer disable ModSecurity rules directly?

Post by jcx »

I was wondering the same thing too. I love CMC, but it would be nice if you could allow an end-user (A cPanel user) to be able to control which rules are enabled or disabled, without having to file a support ticket each time. Similar to how it works with MSFE?

I think what would be awesome is to be able to specify which rules can be controlled by an end user for compatibility. I know cPanel has a 'Mod Security' module which you can enable, but I find that if people experience problems with mod security, they are likely to just completely disable it for a domain, rather than whitelist the rules that are causing compatibility issues with whatever software they are using. So not only do you lose the additional protection offered against vulnerabilities in unpatched software, but also disable the quite useful features too like brute-force protection.

Of course, if it doesn't make sense to an end user, they are still quite free to open a support ticket, just some people are 'advanced users' so already know how to fix it.

Just an idea? :)

Kind regards,
Jessica
FutherForward20
Junior Member
Posts: 22
Joined: 03 Sep 2016, 13:56

Re: Is there any way to allow customer disable ModSecurity rules directly?

Post by FutherForward20 »

Most users don't have a clue about Modsec which is why they hire you. If they do understand how to use it and disable rules etc, then really why are they using cpanel ? they should probably be running their own server.

I'd say leave things as they are and use the opportunity to sell your maintenance expertise to the end user. Make it chargeable work - or do you always give away your time for free? In which case, you're too cheap.
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: Is there any way to allow customer disable ModSecurity rules directly?

Post by Sergio »

geekytone wrote: 08 Dec 2020, 17:44 Hello,

Is there any way to allow customer disable ModSecurity rules directly? Because at this time, I have to manage all tickets related to ModSecurity one by one and setup them in the CMC at the WHM side.
Yes, there is a way for what you want.
In WHM go to future manager and edit the default user list and enable the option:
ModSecurity™ Domain Manager

That option allows your customers to Turn ON or OFF ModSecurity as pleased.

So, when one of my customers had issues working on a web page or updating blogs, etc. I recommend him to go to that option in cPanel and turned it OFF while he is working on the site and I told him to be double sure to enable ModSecurity again when he finish working so the site will be protected again.

This had worked for me really nice.

Sergio
Post Reply