The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Effective cPanel mod_security Configuration

Discussion in 'Security' started by markb14391, Feb 13, 2013.

  1. markb14391

    markb14391 Well-Known Member

    Jun 9, 2008
    Likes Received:
    Trophy Points:
    I know this has been covered in various bits and pieces elsewhere, and my head is spinning from reviewing them all.

    I'm wondering if anyone has a definitive view on the best mod_security implementation for cPanel. Each option seems to have various drawbacks:

    1) ASL handles it for you and has the famous gotroot rules, but ASL can be problematic on some servers.

    2) ASL-Lite gives you the same rules, but can be hard to configure properly with cPanel.

    3) The free gotroot rules have obvious limitations.

    4) cPanel's own default rules seem ineffective.

    5) ???

    Can anyone recommend the best way to implement mod_security securely on a cPanel without jumping through hoops and possibly causing issues on the server?


  2. srpurdy

    srpurdy Well-Known Member

    Jun 1, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    I use the full ASL, Most the issues stem from the fact cPanel does things out of standards. But that's been changing slowly, and things in that respect have improved quite a bit. Besides that I'm not aware of any problems. But if you know of any others I suggest you talk to the guys at ASL. They are very helpful.

    I'm not aware of any "easier" solution than ASL myself. I mean unless your a security expert and can write everything yourself. I think it's not exactly an easy task.

Share This Page