The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

gotroot rules keep my server ridiculously slow.

Discussion in 'Security' started by konrath, Sep 5, 2010.

  1. konrath

    konrath Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    367
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brasil
    Hello

    gotroot rules for mod security keep my server ridiculously slow.


    Any suggestion?

    Thank you
    Konrath
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Not much to go on in your post, what rulesets are you using?

    You might want to ask on the gotroot forums:
    Forums : Got Root
     
  3. konrath

    konrath Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    367
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brasil
    Hello Infopro

    all rules. After enable, the apache is slow.

    Is there an alternative set of rules to gotroot, which are good and not
    excessively consume CPU?

    My server uses Apache 2.2

    Thank you
    Konrath
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    All Rules is a lot of rules (and is surely going to break something on someones sites, I'm sure). You might want to disable the largest of them to test and see if that's the problem first.

    This isn't exactly a cPanel issue, although there are probably more than enough threads on the topic of what rules to use here that you might find some use in, I suggest the docs at gotroot as a better resource worth a peek:
    http://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules

    Near the bottom of that page you'll find a "Special Note for cPanel users" section.

    Also worth a note and you probably are already aware of this, but this is a great tool to have on board as well:
    ConfigServer ModSecurity Control
     
  5. nxweb

    nxweb Active Member

    Joined:
    Oct 29, 2008
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    All the rules is way more than what is needed for most servers. I just use the 99_asl_jitp.conf and 50_asl_rootkits.conf on webhosting servers.
     
  6. konrath

    konrath Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    367
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brasil
    Hello InfoPro. Yes, I read that. Thank you

    --------------------------------------------------------------

    Hello nxweb

    Yes, this is the answer I was searching.
    I will use only the rules for critical issues.

    Thank you
    Konrath
     
    #6 konrath, Sep 5, 2010
    Last edited: Sep 5, 2010
  7. mikegotroot

    mikegotroot Well-Known Member

    Joined:
    Apr 29, 2008
    Messages:
    85
    Likes Received:
    1
    Trophy Points:
    8
    If you having issues with using our free rules (the gotroot.com rules), please post on our forums:

    atomicorp.com Forums

    The free rules were written for security engineers that know how to tune them for their systems (as are all the free rule out there). If you need out of the box rules written for hosting environments, I recommend you use our real time rules. They were written for hosting environment and non-security experts that just want to install the rules and be done with it. The real time rules are designed with special performance enhancements that the free rules do not have and are tuned for environments like cPanel to ensure that there are no false positives.

    The free rules are for security engineers, and you will need to tune them for your needs.
     
    #7 mikegotroot, Oct 8, 2010
    Last edited: Oct 8, 2010
Loading...

Share This Page