how to use OWASP ModSecurity Core Rule Set

Discussion in 'Security' started by dilstar, Nov 20, 2013.

  1. dilstar

    dilstar Member

    Hi!

    I have a VPS and I have installed mod_security from EasyApache. Now it's showing in WHM, and when I go to its configuration it's showing a text file to write rulesets just by copy and paste.

    Let me know how I can use these rulesets. Do I just have to copy and paste all the rule sets there?
    Or if that is not possible, then how do I use OWASP and all the other rulesets? Please guide me step by step.

    Thanks
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    I don't believe the rules provided by OWASP are intended to be copy/pasted into a Mod_Security configuration without first fine tuning them. I will leave this thread open for input from other users who may have implemented the OWASP rules.

    Thank you.
     
  3. quizknows

    quizknows Well-Known Member

    Using the OWASP rules is somewhat advanced and you should read the included documentation very carefully.

    The rules are split into several files. Usually what you do is have a directory for the rules files you want to use. Some rules (protocol anomalies especially) are more prone to false positives than others.

    Normally if you deploy the entire core rule set you should be prepared to troubleshoot false positives for a while until you get it tuned for your own use.

    You need a basic modsec2.user.conf to call your own setup config as well as the rules you want to use. My modsec2.user.conf when I used to use the owasp rules looked like this:

    Code:
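    # Working directories for uploads, temporary files and persistent data
    SecUploadDir /tmp
    SecTmpDir /tmp
    SecDataDir /tmp
    
    # Inspect request bodies (POST data)
    SecRequestBodyAccess On
    
    # CRS setup first, then the activated rules, then local rules and exclusions
    Include "/usr/local/apache/conf/OWASP/10_setup.conf"
    Include "/usr/local/apache/conf/OWASP/activated_rules/*.conf"
    Include "/usr/local/apache/conf/OWASP/custom.conf"
    Include "/usr/local/apache/conf/OWASP/exclude.conf"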
    
    Inside the /usr/local/apache/conf/OWASP/activated_rules/ directory were symlinks to the actual OWASP rules files I wanted to use. Custom.conf was for my own rules, and exclude.conf was used for whitelisting problematic rules.
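
One way to find candidates for the exclude.conf described in the post above, as an added example that is not part of the original thread or of quizknows's setup: it tallies ModSecurity denials per rule id and URI and drafts `SecRuleRemoveById` stanzas for review. Assumptions: the Apache 2.2 error-log layout, the constructed sample lines, and the heuristic that a rule/URI pair hit by several distinct clients is more likely a false positive than a single noisy client.

```python
import re
from collections import defaultdict

# Constructed, abridged sample: Apache 2.2 error-log lines as ModSecurity 2.x writes them.
# Rule ids, messages, clients and URIs are sample values, not taken from the thread.
SAMPLE_LOG = """\
[Wed Nov 20 10:01:02 2013] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [id "960015"] [msg "Request Missing an Accept Header"] [hostname "example.com"] [uri "/wp-cron.php"] [unique_id "AAAA"]
[Wed Nov 20 10:03:40 2013] [error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [id "960015"] [msg "Request Missing an Accept Header"] [hostname "example.com"] [uri "/wp-cron.php"] [unique_id "AAAB"]
[Wed Nov 20 10:05:11 2013] [error] [client 192.0.2.44] ModSecurity: Access denied with code 403 (phase 2). Pattern match at ARGS:q. [id "981231"] [msg "SQL Comment Sequence Detected."] [hostname "example.com"] [uri "/index.php"] [unique_id "AAAC"]
[Wed Nov 20 10:05:12 2013] [error] [client 192.0.2.44] ModSecurity: Access denied with code 403 (phase 2). Pattern match at ARGS:q. [id "981231"] [msg "SQL Comment Sequence Detected."] [hostname "example.com"] [uri "/index.php"] [unique_id "AAAD"]
[Wed Nov 20 10:06:00 2013] [error] [client 192.0.2.44] File does not exist: /home/user/public_html/favicon.ico
"""

# One regex per bracketed field; the client field is unquoted, the others are quoted.
FIELD = {n: re.compile(r'\[%s "?([^"\]]*)"?\]' % n) for n in ("client", "id", "uri", "msg")}
# Log content is attacker-influenced, so only plain paths may be copied into config.
SAFE_URI = re.compile(r'^/[A-Za-z0-9._/-]*$')

def field(name, line):
    m = FIELD[name].search(line)
    return m.group(1) if m else None

def tally(log_text):
    """Return {(rule_id, uri): {"hits", "clients", "msg"}} for ModSecurity log lines."""
    stats = defaultdict(lambda: {"hits": 0, "clients": set(), "msg": ""})
    for line in log_text.splitlines():
        rule_id, uri = field("id", line), field("uri", line)
        if "ModSecurity:" not in line or not rule_id or not uri:
            continue
        entry = stats[(rule_id, uri)]
        entry["hits"] += 1
        entry["clients"].add(field("client", line))
        entry["msg"] = field("msg", line) or ""
    return dict(stats)

def exclusion_candidates(log_text, min_clients=2):
    """Draft per-URI exclusions for rule/URI pairs seen from >= min_clients clients."""
    drafts = []
    for (rule_id, uri), e in sorted(tally(log_text).items()):
        if len(e["clients"]) < min_clients or not rule_id.isdigit() or not SAFE_URI.match(uri):
            continue
        drafts.append('# %s: %d hits from %d clients\n<Location "%s">\n    SecRuleRemoveById %s\n</Location>'
                      % (e["msg"], e["hits"], len(e["clients"]), uri, rule_id))
    return drafts

if __name__ == "__main__":
    print("\n\n".join(exclusion_candidates(SAMPLE_LOG)))
```

`SecRuleRemoveById` only takes effect when it is read after the rule it removes, which matches the include order above where exclude.conf comes last. Review each draft against the request that triggered it before adding it.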
     
  4. dilstar

    dilstar Member

    I don't know much about it, but I like mod_security. I have to secure against WordPress and Joomla compromises. I don't know what to do or which rules can do that. It will be really easy if I can use copy-paste rules.
     
  5. quizknows

    quizknows Well-Known Member

    The Atomicorp rules were great for protecting most common CMSes, but the free delayed rules are no longer available. You might consider Atomicorp's paid rule set.
     