owasp

  1. A

    Google bot triggering OWASP modsecurity rule 949110

    Last few days we have been noticing that Google crawler IPs (i.e. 66.249.xxx.xxx) have started being blocked by the OWASP modsecurity rules. This is not an isolated case, we have many servers and the same issue has been seen across all of them. Previously we had no issues like this related to...
  2. bejbi

    ModSecurity OWASP blocking GTMetrix

    If you are using OWASP rules v. 3.3.4 you can experience a problem with GTmetrix service. All requests will serve a 403 error. It is interesting because probably GTmetrix sends forbidden header. GTmetrix is blocked by 3 rules: 920450 - request protocol enforcement 949110 - request blocking...
  3. webmastergreg

    OWASP 3.3.2 and "ping" with rules 932150 and 1234123447

    Hello FYI I was confronted with the blocking of an interface following modsecurity blocking by rule N°1234123447 Precisely the request: "?_wblapi=/forsef/v1/ping" Triggers rule N°1234123447 because of the term "ping" In bold just below. ModSecurity: Access denied with code 501, [Rule: 'ARGS'...
  4. M

    [SOLVED] Update OWASP CRS?

    Is it possible to get the most updated OWASP Core Rule Set on CentOS? We would like to implement ModSecurity rules that are available on the latest versions. We’re on version 3.0 and the current stable version is 3.3. Are there compatibility issues with cPanel for the latest version?
  5. sneader

    Advice on enabling the cPanel/OWASP-CRS Mod Security Rule Set

    We have Mod Security enabled, and using mod sec rules developed and provided by our data center. It has worked out very well, but there are some things we like about the OWASP Core Rule Set (CRS) that cPanel is making available to us. I'm investigating enabling these rules, either in...
  6. cPAdminsMichael

    Experience with the new OWASP ModSecurity CRS 3.3?

    Hi guys, Do any of you have any experience yet with the newly released OWASP ModSecurity Core Rule Set v3.3 that was released last month? (OWASP ModSecurity Core Rule Set – The 1st Line of Defense Against Web Application Attacks) Worth trying out?
  7. J

    In Progress [CPANEL-27532] /scripts/modsec_vendor update failed

    All of our servers are reporting identical update failures: The cPanel & WHM update process failed for the following reason: Maintenance ended; however, it did not exit cleanly (256). The following events were logged: “scripts/modsec_vendor”. Review the update logs to determine why the update...
  8. S

    OWASP mod_security breaking Wordpress page save

    As soon as I enable the OWASP mod_security rules, my clients or myself can't save a Wordpress page edit. My hosting support said mod_security was blocking ajax php requests, or something along those lines. Any suggestions? Thanks!
  9. M

    Questions about enabling mod_security

    I have a few questions on mod_security that puzzle me, so I thought I would ask for some help here to try and clarify them: I have mod_security enabled at the server level and have the OWASP ModSecurity Core Rule Set enabled, with all the 22 rules active. Rules engine is set to be processed...
  10. O

    ModSecurity SecResponseBodyLimit & SecResponseBodyLimitAction

    Hi Guys, I have ModSecurity installed with SecResponseBodyLimit at the default 512kb limit and SecResponseBodyLimitAction default 'block' setting. My question is as follows, in today's media-rich web sites, is 512kb still reasonable? I have some customers running Wordpress that are hitting this...
  11. ::Gomez::

    Why are modsecurity rules not installed by default?

    Hey! How are you guys! I was just wondering if there is any specific reason why ModSecurity rules come uninstalled on all cpanel servers... did you have any kind of issue after enabling it? wordpress/joomla are fully compatible? it's a must to have it enabled/installed or there is no big...
  12. darwin7

    Last OWASP rules are reliable?

    Good morning I was planning to enable OWASP ruleset for ModSecurity and I searched around some information. Then, I found some worrying complaints (for example here OWASP Cpanel Rules - Experience) and I'm reviewing my plans. Since I read somewhere that OWASP rules have been recently updated...
  13. K

    Editing ModSecurity vendor rules

    Hello, Is there any way to edit the ModSecurity included vendor rules ? I'm using OWASP as a Vendor and I want to edit a single rule of theirs. I was not able to find a way through WHM. Is there any other way to edit such rule, for example through the command line ? Regards!
  14. F

    ModSecurity Inbound Anomaly Score Exceeded

    Hello, I have some questions about ModSecurity. I have this email: Time: Tue Aug 29 17:56:39 2017 +0200 IP: [Removed] Failures: 10 (mod_security) Interval: 3600 seconds Blocked: Permanent Block Log entries: [Tue Aug 29 17:56:34.795036 2017] [:error] [pid 10514] [Removed]...
  15. rpvw

    OWASP ModSecurity Core Rule Set V3.0 whm-server-status

    For anyone irritated by the ModSecurity Tools logged Hits every 5 minutes generated by the 'GET /whm-server-status' triggering rule id 920280 .......... this is for you :) 1) Go to Home » Security Center » ModSecurity™ Tools » Rules List and make sure you don't already have a rule id 1000 (if...
  16. S

    Installing MPM-Event and OWASP ModSecurity Core Rule Set V3.0 through command line

    Hi, Guys I am automating server hardening and optimization, 1) for that I need to install OWASP ModSecurity Core Rule Set V3.0 from the command line. 2) Also, I need to install MPM event through command line. Current EA4 profile is CPanel default. Please let me know the solution or...
  17. rinkleton

    Upgrading mod security to OWASP 3.0

    When upgrading to OWASP 3.0, do the rules get all new ID's, or do they stay the same, in which case I will have to go through all of the currently disabled rules and re-enable?
  18. J

    Problem with new OWASP3 rules

    So basically it's broken and no way to fix? Why do you ship this then? And please don't give the 3rd party excuse... after the last release of Cpanel I get a big message that says: OWASP has released version 3 of their Core Rule Set for ModSecurity™. This new version of the ruleset provides...
  19. S

    Apache Status page fails after 64 update

    Hi, I just updated our server to cpanel 64.0.11 and noticed a few issues. In WHM accessing the Apache Status page returns "Failed to receive status information from Apache." Accessing PhpMyAdmin via a users cPanel account will either hang on "Loading..." or display a 403/404 Security Token...
  20. J

    OWASP ModSecurity Core Rule Set v3

    Shouldn't the OWASP vendor config file have the version added to the name or even another field to display the version. So if you have v2 and v3 installed you can differentiate between the two? If you look at the following files you will see they both have the exact same name v2...