mod_security

#62
Which rule set?

What is the suggested version to use for the gotroot rule sets at "https://updates.atomicorp.com/channels/rules/delayed/"? Should we use the "modsec-2.5" or the "modsec-2.7" ruleset? I am not sure which one is more compatible or you have been testing against?
 
#64
I was told the latest should work fine, so I have been using the "modsec-2.7" set without issue. If it doesn't understand a rule it will ignore it. So far I have had very few issues besides the normal problem with some rules being a little too aggressive, so I just remove those ones.
 

stormy

Well-Known Member
#65
I have just enabled the rules that come with cPanel and it seems to work. No complaints from customers about broken sites so far.

However, an official confirmation would be great.
 

stormy

Well-Known Member
#66
Here's an update. Rule "1234123429" is triggered by many cronjobs running on my servers:

[Rule: 'REQUEST_HEADERS:User-Agent' '!^apache.*perl'] [ID "1234123429"] [Msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [MatchedString "Wget/1.11.4 Red Hat modified"]

I've disabled it using ConfigServer ModSecurity Control. Not sure if this is a good idea or not.

From what I can gather, that rule shouldn't be triggered when running Apache, but is triggered when running Litespeed. Is this correct?
 
Top