gotroot rules keep my server ridiculously slow.

konrath

Well-Known Member
May 3, 2005
366
0
166
Brasil
Hello

gotroot rules for mod security keep my server ridiculously slow.


Any suggestion?

Thank you
Konrath
 

konrath

Well-Known Member
May 3, 2005
366
0
166
Brasil
Hello Infopro

all rules. After enable, the apache is slow.

Is there an alternative set of rules to gotroot, which are good and not
excessively consume CPU?

My server uses Apache 2.2

Thank you
Konrath
 

Infopro

Well-Known Member
May 20, 2003
17,090
518
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
All Rules is a lot of rules (and is surely going to break something on someones sites, I'm sure). You might want to disable the largest of them to test and see if that's the problem first.

This isn't exactly a cPanel issue, although there are probably more than enough threads on the topic of what rules to use here that you might find some use in, I suggest the docs at gotroot as a better resource worth a peek:
http://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules

Near the bottom of that page you'll find a "Special Note for cPanel users" section.

Also worth a note and you probably are already aware of this, but this is a great tool to have on board as well:
ConfigServer ModSecurity Control
 

nxweb

Active Member
Oct 29, 2008
37
0
56
All the rules is way more than what is needed for most servers. I just use the 99_asl_jitp.conf and 50_asl_rootkits.conf on webhosting servers.
 

konrath

Well-Known Member
May 3, 2005
366
0
166
Brasil
Hello InfoPro. Yes, I read that. Thank you

--------------------------------------------------------------

Hello nxweb

Yes, this is the answer I was searching.
I will use only the rules for critical issues.

All the rules is way more than what is needed for most servers. I just use the 99_asl_jitp.conf and 50_asl_rootkits.conf on webhosting servers.
Thank you
Konrath
 
Last edited:

mikegotroot

Well-Known Member
Verifed Vendor
Apr 29, 2008
85
1
58
If you having issues with using our free rules (the gotroot.com rules), please post on our forums:

atomicorp.com Forums

The free rules were written for security engineers that know how to tune them for their systems (as are all the free rule out there). If you need out of the box rules written for hosting environments, I recommend you use our real time rules. They were written for hosting environment and non-security experts that just want to install the rules and be done with it. The real time rules are designed with special performance enhancements that the free rules do not have and are tuned for environments like cPanel to ensure that there are no false positives.

The free rules are for security engineers, and you will need to tune them for your needs.
 
Last edited: