The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cpanel modsec + CRS (Core Rules Set) ?

Discussion in 'Security' started by qwerty, Nov 29, 2011.

  1. qwerty

    qwerty Well-Known Member

    Joined:
    Jan 21, 2003
    Messages:
    213
    Likes Received:
    0
    Trophy Points:
    16
    The modsec installaed by cpanel's EA only has a small number of rules. Is there any reason why the "Core Rules Set" isn't / can't be used such as too many false positives?

    We are considering using CRS + potentially the new 'Commercial Rules'. Has anyone here tried CRS on cpanel servers and how did you go ?

    We also use the CMC WHM plugin so we can disable rules that create too many false positives easily.
     
  2. minosjl

    minosjl Well-Known Member

    Joined:
    Jun 4, 2011
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    cPanel Access Level:
    Root Administrator
  3. qwerty

    qwerty Well-Known Member

    Joined:
    Jan 21, 2003
    Messages:
    213
    Likes Received:
    0
    Trophy Points:
    16
    yes yes I'm aware of how to enable custom rules etc, thanks.

    I was more wondering as to WHY cpanel does not include the full CRS rules and instead only has a handful of rules most of which are outdated ?
     
  4. minosjl

    minosjl Well-Known Member

    Joined:
    Jun 4, 2011
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    cPanel Access Level:
    Root Administrator
    hi ,

    May be they will set a new set of rules on his new version.
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
  6. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
    qwerty CRS working on cpanel server but not all the rules
    i suggest edit modsecurity_crs_10_config.conf to server needs create a folder activated_rules and not load all of them directly cause of false positives.
    monitor the box after which rules dont block customers with dynamic sites.
     
Loading...

Share This Page