ModSecurity and cxs
Posted: 29 Nov 2009, 09:41
To enable file upload scanning for web scripts, ModSecurity needs to have the option SecRequestBodyAccess enabled (as explained in the install document).
This option configures whether request bodies will be buffered and processed by ModSecurity.
You will need to ensure that any other ModSecurity rules that you have have been correctly written to deal with POST_PAYLOADS. If they have not, then previously working rules may no longer work as expected.
Most of the commonly available rulesets are correctly written with SecRequestBodyAccess enabled by default, e.g.:
Got Root: http://www.gotroot.com/mod_security+rules
Core Rules: http://www.owasp.org/index.php/Category ... et_Project
We would recommend using one of these rule sets.
The small set of rules provided by the cPanel default installation has not been written with POST_PAYLOADS in mind and may have to be altered or disabled.
Note: We do not provide support for rectifying or rewriting ModSecurity rules. We do now have a cPanel application that makes disabling ModSecurity rules very easy:
http://www.configserver.com/cp/cmc.html
We also have a separate FAQ entry for help in disabling rules:
http://www.configserver.com/techfaq/index.php?faqid=82
If you do not wish to modify your existing rulesets and forego the cxs ModSecurity hook, you should still be protected by cxs Watch if you have it running.
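As an added illustration (not part of the original post, and not the cxs installer's own configuration), the ModSecurity 2.x fragment below shows the SecRequestBodyAccess setting the post refers to, a placeholder upload-scanning hook in the style ModSecurity's @inspectFile operator supports, and why a body-dependent rule must run in phase 2. The scanner script path and rule ids are assumptions.

```apache
# Added example, not the ConfigServer post's or cxs's own configuration.
# Paths and rule ids are placeholders.

# --- Weak setting: request bodies are not buffered ---
# SecRequestBodyAccess Off
# With body access off, rules that reference FILES, FILES_TMPNAMES,
# ARGS_POST or REQUEST_BODY never match, and POST parameters are absent
# from ARGS, so no upload scanning can take place.

# --- Corrected setting: required for file upload scanning ---
SecRuleEngine On
SecRequestBodyAccess On
# Bound how much body ModSecurity will buffer (bytes); requests above the
# limit are rejected, and non-file POST data gets its own smaller limit.
SecRequestBodyLimit 134217728
SecRequestBodyNoFilesLimit 131072

# Upload scanning hook. @inspectFile passes each buffered upload's temp file
# to an external script, which prints a line starting with 1 (clean) or
# 0 (reject) followed by an optional message. The path is a placeholder;
# the post does not name the cxs hook script.
SecRule FILES_TMPNAMES "@inspectFile /path/to/upload-scanner.sh" \
    "id:1000001,phase:2,t:none,log,deny,status:403,\
    msg:'Upload rejected by external file scanner'"

# A rule written for POST payloads must run in phase 2 (request body) or
# later. In phase 1 the body has not been read yet, so ARGS contains only
# query-string arguments and the rule silently misses POST data.
SecRule ARGS_POST|REQUEST_BODY "@contains <?php" \
    "id:1000002,phase:2,t:none,t:lowercase,log,deny,status:403,\
    msg:'PHP opening tag found in POST payload'"
```

Rules from older rulesets that assumed no body access typically fail in the second way: they still load and still match GET requests, but anything carried in a POST body passes them untouched.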