Discussion in 'General' started by markb1439, Jan 23, 2011.

  1. NiteWave

    NiteWave Administrator

  2. lancelot

    lancelot Member

    Which rule set?

    What is the suggested version to use for the gotroot rule sets at ""? Should we use the "modsec-2.5" or the "modsec-2.7" ruleset? I am not sure which one is more compatible or you have been testing against?
  3. stormy

    stormy Well-Known Member

    What's the status on this? Is there a confirmed basic ruleset that will work?
  4. lancelot

    lancelot Member

    I was told the latest should work fine, so I have been using the "modsec-2.7" set without issue. If it doesn't understand a rule it will ignore it. So far I have had very few issues besides the normal problem with some rules being a little too aggressive, so I just remove those ones.
  5. stormy

    stormy Well-Known Member

    I have just enabled the rules that come with cPanel and it seems to work. No complaints from customers about broken sites so far.

    However, an official confirmation would be great.
  6. stormy

    stormy Well-Known Member

    Here's an update. Rule "1234123429" is triggered by many cronjobs running on my servers:

    [Rule: 'REQUEST_HEADERS:User-Agent' '!^apache.*perl'] [ID "1234123429"] [Msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [MatchedString "Wget/1.11.4 Red Hat modified"]

    I've disabled it using ConfigServer ModSecurity Control. Not sure if this is a good idea or not.

    From what I can gather, that rule shouldn't be triggered when running Apache, but is triggered when running Litespeed. Is this correct?

Share This Page