mod_security

Discussion in 'General' started by markb1439, Jan 23, 2011.

  1. NiteWave

    NiteWave Administrator

  2. lancelot

    lancelot New Member

    Which rule set?

    What is the suggested version to use for the gotroot rule sets at "https://updates.atomicorp.com/channels/rules/delayed/"? Should we use the "modsec-2.5" or the "modsec-2.7" ruleset? I am not sure which one is more compatible, or which one you have been testing against.
  3. stormy

    stormy Member

    What's the status on this? Is there a confirmed basic ruleset that will work?
  4. lancelot

    lancelot New Member

    I was told the latest should work fine, so I have been using the "modsec-2.7" set without issue. If it doesn't understand a rule it will ignore it. So far I have had very few issues besides the normal problem with some rules being a little too aggressive, so I just remove those ones.
  5. stormy

    stormy Member

    I have just enabled the rules that come with cPanel and it seems to work. No complaints from customers about broken sites so far.

    However, an official confirmation would be great.
  6. stormy

    stormy Member

    Here's an update. Rule "1234123429" is triggered by many cronjobs running on my servers:

    [Rule: 'REQUEST_HEADERS:User-Agent' '!^apache.*perl'] [ID "1234123429"] [Msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [MatchedString "Wget/1.11.4 Red Hat modified"]

    I've disabled it using ConfigServer ModSecurity Control. Not sure if this is a good idea or not.

    From what I can gather, that rule shouldn't be triggered when running Apache, but is triggered when running Litespeed. Is this correct?
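An added example, not part of the original post: before a rule like this is disabled, it helps to see which clients are actually tripping it. The sketch below parses entries in the bracketed format quoted above and tallies hits per rule ID by client product. The function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input. The first line is the entry quoted in the post
# above; the other lines are made up for this example.
SAMPLE_LOG = r'''
[Rule: 'REQUEST_HEADERS:User-Agent' '!^apache.*perl'] [ID "1234123429"] [Msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [MatchedString "Wget/1.11.4 Red Hat modified"]
[Rule: 'REQUEST_HEADERS:User-Agent' '!^apache.*perl'] [ID "1234123429"] [Msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [MatchedString "Wget/1.12 (linux-gnu)"]
[Rule: 'REQUEST_HEADERS:User-Agent' '!^apache.*perl'] [ID "1234123429"] [Msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [MatchedString "curl/7.19.7"]
truncated line without any bracketed fields
'''.strip().splitlines()

# [Rule: 'VARIABLE' 'PATTERN'] uses single quotes; other fields are [Key "value"].
RULE_RE = re.compile(r"\[Rule: '(?P<variable>[^']*)' '(?P<pattern>[^']*)'\]")
FIELD_RE = re.compile(r'\[(?P<key>\w+) "(?P<value>(?:[^"\\]|\\.)*)"\]')


def parse_entry(line):
    """Return the bracketed fields of one log entry as a dict, or None."""
    fields = {m["key"]: m["value"] for m in FIELD_RE.finditer(line)}
    rule = RULE_RE.search(line)
    if rule:
        fields.update(rule.groupdict())
    # An entry is only useful for triage if it names the rule that fired.
    return fields if "ID" in fields else None


def tally_by_rule(lines):
    """Map rule ID -> Counter of client products seen in MatchedString."""
    hits = defaultdict(Counter)
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue  # skip malformed or truncated lines
        # "Wget/1.11.4 Red Hat modified" -> "Wget"
        product = entry.get("MatchedString", "").split("/", 1)[0] or "(none)"
        hits[entry["ID"]][product] += 1
    return dict(hits)


if __name__ == "__main__":
    for rule_id, products in tally_by_rule(SAMPLE_LOG).items():
        print(rule_id, dict(products))
```

If nearly all hits for a rule come from the server's own scheduled jobs, that is evidence for a narrow exception rather than removing the rule for every client.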
  7. robertzhao

    robertzhao New Member

    A dynamic page that is normally delivered in 300 ms will take 20 seconds to load. It looks like the mod_security implementation needs to be optimized, or pre-compiled in some way.
