The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Addon Module: mod_security

Discussion in 'cPanel Developers' started by cPanelBilly, Sep 23, 2004.

  1. cPanelBilly

    cPanelBilly Guest

    What is Mod_Security?
     
  2. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    Hrm.. why not just add this to buildapache and label it "unsupported" ? Not that it doesn't have its place in the addon modules, but heck.. WHM is so bloody crowded as it is, so many thing out of place and whatnot.
     
  3. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Very intense module if not handled properly. This is something that can cause a lot of headaches if not done right. I also tend to agree with haze that these types of things best belong in buildapache and not in whm addons, as these are not whm addons but apache addins.
     
  4. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    If they placed it in buildapache they wouldn't be able to eventually charge extra for it later, would they...
     
  5. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    Why would they charge extra for it ? Its a very simple procedure to build it in yourself, the harder part is building rules that work with your machine and needs.
     
  6. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Isn't it part of cPanel Pro?
    don't you have to register for cPanel Pro?
    didn't Nick say cPanel Pro was free for a limited time?

    Just got to learn to read the writing on the wall...
     
  7. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    I don't think this is considered part of cpanel pro. Cpanel pro is just one of the addon modules. I am not using cpanel pro, but I am using the Tomcat installer.
     
  8. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    No, its an addon module, its not part of cPanel pro AFAIK, and if cpanel were going to charge for pro, i reckon they would have done so already. Your just tossing shit in the fan m8.
     
  9. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    I am sure that it (charging for Pro) is something that is being discussed. Maybe they were not charging for it because it was in an 'open beta' state (sounds like edge builds). Now that it has been tested and we are nearing cPanel 10 I would not be surprised if something changed.

    The only thing rs-freddo was tossing was what he heard straight from the horse's mouth:

    REF: http://forums.cpanel.net/showthread.php?t=20137
     
  10. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    1. If you already have a license, you don't need to pay for it.
    2. Its an ADDON MODULE, its not a part of cPanel pro.
    3. It doesn't take a rocket scientist to compile and install mod_security. Setting it up is a different story.
     
  11. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    I also read a thread where someone said they couldn't use an add-on because they hadn't registerd for PRO. I can't test this because I have registered for PRO even thoguh i did uninstall it. Apart from that I'm using stable and can't see these add-ons anyway.

    I don't know for sure just guessing this is why an apache module is in the add-ons and not buildapache.
     
  12. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    No arguement with any of this :)
     
  13. cPanelBilly

    cPanelBilly Guest

    let me clear a few things up
    #1 it is not part of easy apache because it requires much more configuration then can be automatically added in
    #2 There is going to be a full interface in WHM (prob next week when I get a change to program it)
    #3 It is not part of cPanel pro currently, although some features I want to add in may require cPanel PRO (ie users being able to see the latest logs of blocks for their specific domain)
    #4 Current Pro is completely free and as long as you activate the IP it wont change. I have also not heard if Pro will ever be charged for or not.
     
  14. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Couple of points:

    1) ip addresses do occasionally need to be changed - if I use PRO then it changes to CHARGE and I move IP's then i have to pay.

    2) PRO has a number of serious problems:
    A) Leechprotect generates lots of errors even when it's disabled because it runs thru cron even when disabled for all clients.
    B) Boxtrapper is available through the webmail link even when turned off in WHM.

    These are the reasons I uninstalled PRO so tying more add-ons into PRO means they are useless to anyone not wanting to use PRO.

    Why bother making people register if you aren't going to charge for it??? That doesn't make sense.
     
  15. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider

    For these two points, might I suggest the following?

    1. Have a BIG note stating that if not installed properly it will FooBar your service. Which is true as many here can atest to especially for FP extensions.
    2. Without have a way to configure it now, and someone just installs with out the rules in place it may give a false sense of security (sarc).
    3. For addons in general, information list for things in there is very lacking. You have to remember that there are a lot of cPanel server owners who may not know what mod_security is and does and not all of them visit these forums either.
    4. Also the little disclaimer at the bottom about not responsible for 3rd party etc.... I think you need to put this at the top in BIG BOLD WORDS.
    5. Which leads me to the last one which is more of a question. If cPanel does not intend to support these products, why are they being supplied? This in itself does not make a lot of sense to me.

    Just my thoughts on it. :D
     
  16. cPanelBilly

    cPanelBilly Guest

    Most things we will support. (ie with mod_security we will support just about everything, if you look at it now, we show a way to nullify it if there is an issue)
    I will post more about pro here later today (I just woke up and am still at home) when I learn more.

    As for the warning about breaking stuff, that will all come when the WHM portion is ready.

    As for those that dont like what is included with cpanel pro, would you like to see all 4 things be given as seperate addons, and pro just be the framework itself? If so I can see about having that done.
     
  17. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    That does not address rs-freddo's point about one day having to pay for Pro features.

    If you say that Pro is simply a framework and it is to be included for all cPanel users come v10 regardless of registration then that will change a lot of minds.

    It would be good to seperate these addons for admins that may not wish to offer all of them.

    Back to rs-freddo's post, it would also be good if when a feature was disabled that links to that feature are removed/disabled. I am assuming that is the way it would be.
     
  18. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I must say that this thread has me all confused (like others).

    When cPanel Pro came out, I was under the impression that it was basically an API framework and it was that that would be charged for. While it was in beta it was free of charge to sign up for. once out of beta, if you hadn't signed up, there would be a fee.

    So the impresson I had/have is that though these nice (for some) add-ons are "free", the API that they're based on is what will be charged for, so they are in fact only free to people who have a cPanel Pro license.

    Now, apparently, this is not the case. So, it would be nice if we could have a categorical statement as to whether the cPanel Pro API will continue to be free, and that the add-ons will be too. If not, what will be charged for in the future.
     
  19. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    You need to make a final decision about whether PRO will be charged for or not. I have no intention of introducing services to my customers now and then getting charged for them when my customers are dependent on them - this type of approach is really low.

    The PRO api was originally introduced to allow developers to develop stuff for cpanel however the REGISTRATION AND CHARGE aspect mean't developers would have a limited market. If you want devlopers to create apps for cPanel you need to make PRO free so it's taken up by all cpanel customers.

    My main beef with cPanel PRO (apart from the charge feature) is that the add-ons are not properly turned off. In the webmail interface it's simply "show the boxtrapper link if PRO is installed". The webmail interface doesn't even check to see if boxtrapper is enabled or not. This means clients can be using Boxtrapper without admins knowledge - what a mess if PRO is uninstalled...
    Also if Leechprotect is turned off it still runs in CRON.
     
  20. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider

    All of the current pro modules will remain free of charge to all licensed customers. Newer versions just include the pro api which would allow third parties to partner with us and install/update their software as an addon, there may or may not be a charge for their software. As far as the original pro modules go, they are free to all licensed customers during beta. During the final release stage they may not be availble to all customers for testing. However the final versions will free to all licensed customers.
     
Loading...

Share This Page