Facebook
TwitterFilipe Silva
Basic Pleskian
I have the following code to add to apache/httpd modsecurity something:
"
# SPECIFIC: Block #submit #validate #process #pre_render #post_render #element_validate #after_build #value_callback parameters
SecRule REQUEST_FILENAME "(index\.php|\/$)" "chain,id:003294,t:lowercase,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,block"
SecRule REQUEST_METHOD "^(GET|POST|HEAD)$" chain
SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "^\#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)$|\[(?:\'|\")?#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)"
# GENERIC: Block all parameters starting with #
SecRule REQUEST_FILENAME "(index\.php|\/$)" "chain,id:003309,t:lowercase,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,block"
SecRule REQUEST_METHOD "^(GET|POST|HEAD)$" chain
SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "^\#|\[(?:\'|\")?\#.*\]"
"
This is to stop my website from getting hacked, how do I insert those rules in plesk? I go to apache settings in the domain, Additional directives for HTTP and gives me an error right away. Is it possible to add it to the website .htacess?
Thanks
EDIT: I added that code in a .conf file, inserted in "/etc/httpd/conf/modsecurity.d/rules" and restarted httpd. Not sure if it is working or if it is enough. But it didn't give me any error
"
# SPECIFIC: Block #submit #validate #process #pre_render #post_render #element_validate #after_build #value_callback parameters
SecRule REQUEST_FILENAME "(index\.php|\/$)" "chain,id:003294,t:lowercase,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,block"
SecRule REQUEST_METHOD "^(GET|POST|HEAD)$" chain
SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "^\#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)$|\[(?:\'|\")?#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)"
# GENERIC: Block all parameters starting with #
SecRule REQUEST_FILENAME "(index\.php|\/$)" "chain,id:003309,t:lowercase,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,block"
SecRule REQUEST_METHOD "^(GET|POST|HEAD)$" chain
SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "^\#|\[(?:\'|\")?\#.*\]"
"
This is to stop my website from getting hacked, how do I insert those rules in plesk? I go to apache settings in the domain, Additional directives for HTTP and gives me an error right away. Is it possible to add it to the website .htacess?
Thanks
EDIT: I added that code in a .conf file, inserted in "/etc/httpd/conf/modsecurity.d/rules" and restarted httpd. Not sure if it is working or if it is enough. But it didn't give me any error
Last edited:
