  1. Anonymous User
  2. Monday, December 25, 2017
Hello,

We configured ModSecurity with a custom rule set in Plesk as below:
Rule set is Atomicorp
Web application firewall mode is on
Predefined set of values is Thorough (The full HTTP request headers, the request POST data and the HTTP response body content will be analyzed.)
When we upload a malicious file through the Plesk panel, it cannot detect it and the file is uploaded to the customer directory. When we want to run that file (for example a PHP shell), ModSecurity prevents it and returns 403.
Could you please help us make Imunify360 work as a WAF to prevent the upload of malicious files?

Kind Regards,
  1. 25.12.2017 10:12:12
  2. # 1
Alexander Z Accepted Answer
Posts: 31
Joined: 29.03.2017
Hello!

Imunify360 can prevent the upload of malicious files when the Imunify360 ModSecurity rule set is enabled. Since you are using your own custom rule set, the Imunify360 rules that check uploaded files are disabled, because you can have only 1 active rule set in Plesk. You need to disable your custom rule set and install Imunify360's one using:

$ /usr/local/psa/admin/sbin/modsecurity_ctl --disable-all-rules --ruleset <YOUR_CUSTOM_RULES_NAME>
$ imunify360-agent plesk install-vendors


Good luck!
  1. 25.12.2017 11:12:37
  2. # 2
Majid Accepted Answer
Hello,

What is the <YOUR_CUSTOM_RULES_NAME>? We have some *.conf files in the /etc/httpd/conf/modsecurity.d/rules/custom/ directory.
Also, when we run $ imunify360-agent plesk install-vendors we get the error below:
INFO [+ 3570ms] defence360agent.subsys.panels.plesk.mod_security|Skipping vendor installationdue to conflicting vendor[s]: ['imunify360-full-apache']

Please let us know how we can configure modsecurity with your rules?

Kind Regards,
  1. 25.12.2017 12:12:40
  2. # 3
Alexander Z Accepted Answer
Posts: 31
Joined: 29.03.2017
Hello, Majid!

You can get the currently active vendor by running "/usr/local/psa/admin/sbin/modsecurity_ctl -L --enabled".
In your case, I can see that "imunify360-full-apache" is already installed.
However, if you want to use Imunify360's ModSecurity rules and some other vendor is active now, you can use the instructions from my previous comment.

If Imunify360's vendor is already active and the upload of malicious files is still allowed, then that is unexpected behavior; please submit a ticket with our technical support at https://cloudlinux.zendesk.com (Imunify360 department) so our team can help you with the issue.

Thanks!
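
The two checks from this thread combined, as an added example that is not part of the original posts and is not Imunify360 or Plesk code: it reads the vendor names out of the agent's "conflicting vendor[s]" log line and classifies a rule set listing into the next step the answers describe. The function names are hypothetical, and it assumes `modsecurity_ctl -L --enabled` prints one rule set name per line.

```shell
#!/usr/bin/env bash
# Added example (not Imunify360 or Plesk code). Interprets the two signals
# discussed in this thread before any rule set is changed.

MODSEC_CTL=/usr/local/psa/admin/sbin/modsecurity_ctl   # path from the thread

# Extract vendor names from an agent log line such as
#   ... conflicting vendor[s]: ['imunify360-full-apache']
conflicting_vendors() {
    printf '%s\n' "$1" |
        sed -n 's/.*conflicting vendor\[s]: \[\(.*\)].*/\1/p' |
        tr ',' '\n' | sed "s/^ *'//; s/' *$//"
}

# Classify a list of rule set names (one per line on stdin).
#   imunify -> an imunify360-* set is present
#   other   -> only non-Imunify360 sets are present
#   none    -> nothing listed
classify_rulesets() {
    local seen=none name
    while IFS= read -r name || [ -n "$name" ]; do
        [ -z "$name" ] && continue
        case "$name" in
            imunify360-*) echo imunify; return 0 ;;
            *) seen=other ;;
        esac
    done
    echo "$seen"
}

# Turn a classification into the next step described in the answers.
next_step() {
    case "$1" in
        imunify) echo "Imunify360 vendor already installed; if uploads still pass, open a support ticket" ;;
        other)   echo "disable the other rule set, then run: imunify360-agent plesk install-vendors" ;;
        none)    echo "run: imunify360-agent plesk install-vendors" ;;
    esac
}

# Live check, only when asked for explicitly (requires a Plesk host).
# Assumption: the listing prints one rule set name per line.
if [ "${1:-}" = "--live" ]; then
    next_step "$("$MODSEC_CTL" -L --enabled | classify_rulesets)"
fi
```

Run against the log line quoted in post #2, `conflicting_vendors` yields `imunify360-full-apache`, which classifies as `imunify`: the skipped installation means the Imunify360 vendor is already in place, not that the install failed.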