cxs and ModSecurity v2.9

If you are using ModSecurity v2.9 with Apache you will need to add an extra ModSecurity directive to the cxs upload scanning rule for it to function as ModSecurity have changed the way that the @inspectFile function works:

SecUploadKeepFiles RelevantOnly

On a cPanel server this means that you need to edit:


and add the line above after the cxs ModSecurity rule and then restart httpd.