OWASP rules for ModSecurity™ More Information
The OWASP ModSecurity CRS is a set of rules for use with the ModSecurity Apache module aimed at protecting your web server from malicious traffic. Through the guidance of OWASP, cPanel is now distributing a curated set of these rules. You can install and manage these rules using the WHM ModSecurity applications. You can read more information about the OWASP ModSecurity CRS, including installation pre-requisites and instructions, in the OWASP ModSecurity™ CRS documentation linked above.
https://documentation.cpanel.net/display/CKB/OWASP+ModSecurity+CRS
Are these rules safe to enable along with the default Atomic rules that ConfigServer has been installing via their cpanel service?
You should remove the lines from /usr/local/apache/conf/modsec2.user.conf and then remove /usr/local/etc/apache/modsec/ then restart apache. You should not run multiple rulesets at the same time.
No, they all appear to have there problems and some don't correctly support the cPanel provided methods of integrating them (e.g. the paid for live ASL rules and the Comodo rules) so we do not currently have a recommendation on which to use.
ForumAdmin wrote:You should remove the lines from /usr/local/apache/conf/modsec2.user.conf and then remove /usr/local/etc/apache/modsec/ then restart apache. You should not run multiple rulesets at the same time.
Do you mean completely empty out the file, or just remove the lines including the asl_ files?