ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Safe to use OWASP modsec rules with ConfigServer/Atomic rule

https://mail.forum.configserver.com/viewtopic.php?t=8435

Page 1 of 1

Safe to use OWASP modsec rules with ConfigServer/Atomic rule

Posted: 04 Feb 2015, 13:12
by sozotech
I got the following notifcation logging into one of my cpanel servers this morning.

Code: Select all

OWASP rules for ModSecurity™ More Information
The OWASP ModSecurity CRS is a set of rules for use with the ModSecurity Apache module aimed at protecting your web server from malicious traffic. Through the guidance of OWASP, cPanel is now distributing a curated set of these rules. You can install and manage these rules using the WHM ModSecurity applications. You can read more information about the OWASP ModSecurity CRS, including installation pre-requisites and instructions, in the OWASP ModSecurity™ CRS documentation linked above.

https://documentation.cpanel.net/display/CKB/OWASP+ModSecurity+CRS
Are these rules safe to enable along with the default Atomic rules that ConfigServer has been installing via their cpanel service?

Best regards,
Eric

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Posted: 04 Feb 2015, 14:30
by Pascal
I would like to know that as well.

Kind regards

Pascal

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Posted: 04 Feb 2015, 15:16
by ForumAdmin
You should remove the lines from /usr/local/apache/conf/modsec2.user.conf and then remove /usr/local/etc/apache/modsec/ then restart apache. You should not run multiple rulesets at the same time.

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Posted: 04 Feb 2015, 15:19
by sozotech
Do you have an opinion on which ruleset is better overall?

Thanks,
Eric

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Posted: 04 Feb 2015, 15:23
by ForumAdmin
No, they all appear to have there problems and some don't correctly support the cPanel provided methods of integrating them (e.g. the paid for live ASL rules and the Comodo rules) so we do not currently have a recommendation on which to use.

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Posted: 17 Feb 2015, 18:55
by verdonv
ForumAdmin wrote:You should remove the lines from /usr/local/apache/conf/modsec2.user.conf and then remove /usr/local/etc/apache/modsec/ then restart apache. You should not run multiple rulesets at the same time.
Do you mean completely empty out the file, or just remove the lines including the asl_ files?

Thks :-)

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Posted: 17 Feb 2015, 20:59
by ForumAdmin
Empty it out, unless you use cxs in which case you should leave the cxs rule in there.

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Posted: 17 Feb 2015, 22:14
by verdonv
ForumAdmin wrote:Empty it out, unless you use cxs in which case you should leave the cxs rule in there.
Thank You. Yes I do use cxs.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited