ModSecurity and cxs

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
Locked
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

ModSecurity and cxs

Post by ForumAdmin »

To enable file upload scanning for web scripts, ModSecurity needs to have the option SecRequestBodyAccess enabled (as explained in the install document).

This option configures whether request bodies will be buffered and processed by ModSecurity.

You will need to ensure that other any ModSecurity rules that you have have been correctly written to deal with POST_PAYLOADS. If they have not, then previously working rules may no longer work as expected.

Most of the commonly available rulesets are correctly written with SecRequestBodyAccess enabled by default, e.g.:
Got Root: http://www.gotroot.com/mod_security+rules
Core Rules: http://www.owasp.org/index.php/Category ... et_Project

We would recommend using one of these rule sets.

The small set of rules provided by the cPanel default installation have not been written with POST_PAYLOADS in mind and may have to be altered or disabled.

Note: We do not provide support for rectifying or rewriting ModSecurity rules. We do now have a cPanel application that makes disabling ModSecurity rules very easy:
http://www.configserver.com/cp/cmc.html
We also have a separate FAQ entry for help in disabling rules:
http://www.configserver.com/techfaq/index.php?faqid=82

If you do not wish to modify your existing rulesets and forego the cxs ModSecurity hook, you should still be protected by cxs Watch if you have it running.
Locked