Issue
Is there a command-line way to disable all WAF rules temporarily for the whole server?
Environment
- Imunify360
- cPanel
- ModSecurity
Solution
1. While for a single ModSecurity rule to disable (say the id: 77140964), it is possible to execute the following command:
# imunify360-agent rules disable --id 77140964 --plugin modsec --name wpt-252
It is also possible to display the list of currently disabled rules:
# imunify360-agent rules list-disabled
DOMAINS ID NAME PLUGIN
None 77140964 wpt-252 modsec
Using the option `--domains` also allows specifying the list of domains to disable a rule for.
2. To disable all Imunify360 rules, it is possible to uninstall the ruleset as shown below:
imunify360-agent uninstall-vendors
Also, to install it back:
imunify360-agent install-vendors
This will disable the ruleset globally by excluding the ruleset ModSec rules' files from the web server configuration and reloading service.
3. While using cPanel, its scripts can be utilized to disable the entire ruleset as well. Find the ruleset ID with:
/usr/local/cpanel/scripts/modsec_vendor list |grep imunify |grep vendor_id
And disable it. For example, disabling a ruleset for Apache can be done with:
/usr/local/cpanel/scripts/modsec_vendor disable imunify360-full-apache
This will also disable the ruleset globally.
4. On Stand-alone installations, the ruleset can also be disabled for a particular domain or globally. It is required to add the following configuration snippets to your ModSecurity configuration respectively and for a domain:
<IfModule security2_module> SecRuleRemoveById "33300-33400" SecRuleRemoveById "77000000-78000000" </IfModule>
<IfModule security3_module> modsecurity_rules 'SecRuleRemoveById 33300-33400'
modsecurity_rules 'SecRuleRemoveById 77000000-78000000'
</IfModule>
Useful links
- https://docs.imunify360.com/command_line_interface/#rules
- https://docs.imunify360.com/command_line_interface/#vendors
- https://docs.imunify360.com/ids_integration/#modsecurity-settings
- https://cloudlinux.zendesk.com/hc/en-us/articles/4716287786396-Imunify360-Stand-alone-installation-guide-with-integration-conf-examples
Comments
0 comments
Please sign in to leave a comment.