Adding custom rule to Mod_security

[Dutchie]

I have a hard time figuring out how Mod_security is exactly configured in Plesk 12.
Its so different then on the server where we manually installed mod_security...

I want to add a custom rule because of CVE-2015-8562.

How can I add this rule without breaking anything and without it being overwritten upon updates?

On my other servers I just added an extra 00_joomla.conf file to the configuration.
But I dont know where to put it and how to let mod_security now to read it...

 

[IgorG]

Just go to Tools & Settings -> Web Application Firewall, switch it on and upload a custom web application firewall rule set if you have it.
More detail you can find here http://download1.parallels.com/Ples...inistrator-guide/index.htm?fileName=73383.htm

 

[Dutchie]

Thank you Igor,

I don't want to replace the whole ruleset but just add one rule:

SecRule REQUEST_HEADERS "JDatabaseDriverMysqli" "phase:1,id:'999000',deny,t:urlDecode,t:removeNulls,status:403,log,noauditlog,msg:'Joomla RCE CVE-2015-8562'"

Thanks,
Erwin

 

[IgorG]

If you have enabled Atomic Basic ModSecurity ruleset you can add your custom rule according to this documentation:

https://www.atomicorp.com/wiki/index.php/Mod_security#Creating_custom_rules

 

[Dutchie]

Thanks, it works!

 

[Arjan Oskam]

Just go to Tools & Settings -> Web Application Firewall, switch it on and upload a custom web application firewall rule set if you have it.
More detail you can find here http://download1.parallels.com/Ples...inistrator-guide/index.htm?fileName=73383.htm

Could you help me understand this? My Plesk was suddenly overload using that website.
I want to block all countries except for NL, BE, DE, LU.

I found something like this:
SecRule GEO:COUNTRY_CODE3 "!@streq USA" "phase:1,t:none,log,deny,msg:'Client IP not from USA'"

But when I use what is described on your link my Plesk is half crashing(22million % CPU usage)

I'd like your help!