How to verify the authenticity of POST, PUT, and DELETE requests

Discussion in 'Security' started by postcd, Apr 16, 2015.

  1. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    623
    Likes Received:
    6
    Trophy Points:
    18
    Hello,

    A webmaster said: "We use SQL injection filters and verify the authenticity of POST, PUT, and DELETE requests to prevent CSRF attacks."

    I assume they are using something like Apache Mod_Security to filter out injection attempts, but I would like to ask what you advise installing in WHM to "verify the authenticity of POST, PUT, and DELETE requests". Can I make some modification on the server so all cPanels are protected against that?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Mod_Security is the best application you can use to monitor request methods and block when certain rule criteria are met. Were you seeking out an application other than Mod_Security, or for a different purpose?

    Thank you.
     
  3. postcd

    postcd Well-Known Member

    Thx, so this mentioned request authenticity verification is done by Mod Security rules. Please can anyone link to some detailed info on rules which can ensure this verification of authenticity?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Typically, users choose to use an existing rule set from a vendor such as OWASP. You can browse to "WHM Home » Security Center » Manage Vendors" to enable a vendor such as OWASP (note that it's currently the only one available by default).

    Thank you.
     
  5. postcd

    postcd Well-Known Member

    Thx, but I don't recommend OWASP on production hosting servers with hundreds of websites. I tried to enable it from WHM and several content management system functions stopped working thanks to it. I don't remember which functions and which rules I disabled, but it was more than 3, and then I resigned and disabled the whole OWASP. You will find there or on Google that OWASP means issues.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    You are welcome to try using a different ruleset if the OWASP rules are not suitable for your server. Feel free to update us with the outcome.

    Thank you.
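
One common way an application performs the check quoted in the first post is a per-session anti-CSRF token verified on every state-changing method. The following Python is an added example, not part of any post in this thread and not cPanel or ModSecurity code; the `X-CSRF-Token` header name, the function names, and the sample origin and session values are assumptions.

```python
import hashlib
import hmac
import secrets

# Methods named in the quoted statement; GET/HEAD are treated as read-only.
UNSAFE_METHODS = {"POST", "PUT", "DELETE"}


def _mac(server_key: bytes, session_id: str, nonce: str) -> str:
    # Bind the token to one session so it cannot be replayed in another.
    msg = f"{session_id}|{nonce}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()


def issue_token(server_key: bytes, session_id: str) -> str:
    """Return 'nonce.mac'; the application embeds it in its own forms."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(server_key, session_id, nonce)}"


def token_is_valid(server_key: bytes, session_id: str, token: str) -> bool:
    nonce, sep, mac = token.partition(".")
    if not (sep and nonce and mac):
        return False  # malformed or empty token
    expected = _mac(server_key, session_id, nonce)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    return hmac.compare_digest(expected.encode(), mac.encode())


def authorize(method, session_id, headers, server_key, allowed_origin):
    """Return (allowed, reason). Header names are assumed already normalized."""
    if method.upper() not in UNSAFE_METHODS:
        return True, "safe method"
    origin = headers.get("Origin")
    if origin is not None and origin != allowed_origin:
        return False, "cross-origin request"
    if not token_is_valid(server_key, session_id, headers.get("X-CSRF-Token", "")):
        return False, "missing or invalid CSRF token"
    return True, "token verified"


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed sample key
    site = "https://panel.example"         # constructed sample origin
    tok = issue_token(key, "sess-A")       # constructed sample session id
    print(authorize("POST", "sess-A", {"X-CSRF-Token": tok, "Origin": site}, key, site))
    print(authorize("DELETE", "sess-A", {"Origin": site}, key, site))
    print(authorize("PUT", "sess-B", {"X-CSRF-Token": tok}, key, site))
```

The token has to be issued and checked by the application that owns the session, which is why this check is written per application rather than as one server-wide setting.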
     

Share This Page