ModSecurity

ModSecurity is a URL firewall and it triggers based on a set of regular expressions (pattern matches). ModSecurity provides defense of websites and web applications from hackers and malware by filtering and monitoring HTTP traffic between a web app and the Internet.

cPanel has this feature by default and uses the OWASP ModSecurity Core Rule Set, created by atomicorp.com.

LetsHost uses the default rules provided with cPanel.

Some website changes that you attempt to make could trigger one (or more) of the rules often resulting in 403 Forbidden errors, 404 errors or causing your IP address to get blocked by the server.

What can I do if I am getting blocked?

First please open a ticket from your Client Area and provide your IP address as per: ip.letshost.ie with this we can confirm what rule is being triggered.

From there we generally recommend simply turning off ModSecurity while you are making changes to your site then to enable ModSecurity again once you are finished.

To do this, login to cPanel from your Client Area

  • Click Services > My Services
  • Click the green Active button beside your hosting account
  • Click Login to cPanel on the left hand side (This will open cPanel in a new tab)
  • Under the Security section click the ModSecurity option.

From here you can disable ModSecurity across all of your domains or you can disable each individually with the on/off switches.

Alternatively we can whitelist the specific rule that is being triggered on your account, we however do not recommend this method for the security implications involved, simply open a ticket from your Client Area and let us know.


Finally, should you want to investigate further you can view the list of rules, or search for the particular rule that you were blocked on from here or here

Please note as the rules are provided by a third party we would not be able to troubleshoot/advise on why the changes you are making to your website are triggering the ModSecurity firewall.

One other option however, you could whitelist your IP address on a server, this will keep ModSecurity fully enabled on your account, while any rules that you may trigger would be bypassed/allowed, if you would be interested in this option please contact our sales department and we can advise on VPS hosting.