Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cpanel modsec + CRS (Core Rules Set) ?

Discussion in 'Security' started by qwerty, Nov 29, 2011.

  1. qwerty

    qwerty Well-Known Member

    Joined:
    Jan 21, 2003
    Messages:
    214
    Likes Received:
    2
    Trophy Points:
    168
    The modsec installaed by cpanel's EA only has a small number of rules. Is there any reason why the "Core Rules Set" isn't / can't be used such as too many false positives?

    We are considering using CRS + potentially the new 'Commercial Rules'. Has anyone here tried CRS on cpanel servers and how did you go ?

    We also use the CMC WHM plugin so we can disable rules that create too many false positives easily.
     
  2. minosjl

    minosjl Well-Known Member

    Joined:
    Jun 4, 2011
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    66
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. qwerty

    qwerty Well-Known Member

    Joined:
    Jan 21, 2003
    Messages:
    214
    Likes Received:
    2
    Trophy Points:
    168
    yes yes I'm aware of how to enable custom rules etc, thanks.

    I was more wondering as to WHY cpanel does not include the full CRS rules and instead only has a handful of rules most of which are outdated ?
     
  4. minosjl

    minosjl Well-Known Member

    Joined:
    Jun 4, 2011
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    66
    Location:
    India
    cPanel Access Level:
    Root Administrator
    hi ,

    May be they will set a new set of rules on his new version.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,609
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    8
    Trophy Points:
    68
    Location:
    Athens Greece
    qwerty CRS working on cpanel server but not all the rules
    i suggest edit modsecurity_crs_10_config.conf to server needs create a folder activated_rules and not load all of them directly cause of false positives.
    monitor the box after which rules dont block customers with dynamic sites.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice