
Last OWASP rules are reliable?

Discussion in 'Security' started by darwin7, Nov 24, 2017.

  1. darwin7

    darwin7 Active Member

    Joined:
    Jun 9, 2011
    Messages:
    33
    Likes Received:
    4
    Trophy Points:
    58
    Location:
    Milan
    cPanel Access Level:
    Root Administrator
    Good morning

    I was planning to enable OWASP ruleset for ModSecurity and I searched around some information.

    Then, I found some worrying complaints (for example here OWASP Cpanel Rules - Experience) and I'm reviewing my plans.

    Since I read somewhere that OWASP rules have been recently updated, I would like to ask you if you are using OWASP/ModSecurity rules and why they are suggested or not suggested.

    Thank you!
    /cq
     
    #1 darwin7, Nov 24, 2017
    Last edited by a moderator: Nov 24, 2017
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    678
    Likes Received:
    228
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
  3. darwin7

    darwin7 Active Member

    Joined:
    Jun 9, 2011
    Messages:
    33
    Likes Received:
    4
    Trophy Points:
    58
    Location:
    Milan
    cPanel Access Level:
    Root Administrator
  4. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    678
    Likes Received:
    228
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Yes I have both WP and Joomla sites. Some site owners find they sometimes need to switch off ModSec in their cPanels for heavy admin editing sessions - but I have had no complaints from website owners that their sites are having any issues serving their customers.

    Curiously, I made considerable effort to try and track down if any particular plugin or extension was problematic - with absolutely no consistent nor quantifiable results. The website owners seem happy enough to pop into their cPanel and switch off the ModSec for the duration of an admin editing session if they find they are getting unexpected events.

    My website owners (all companies) respect the increased security that ModSec offers them, and value that over the inconvenience of having to occasionally disable it and then re-enable it in cPanel.

    If you are able to quantify a rule that is causing your website operator issues, you can easily use the ConfigServer ModSecurity Control (cmc) to disable that rule, either globally, or on a per domain basis.
     
  5. darwin7

    darwin7 Active Member

    Joined:
    Jun 9, 2011
    Messages:
    33
    Likes Received:
    4
    Trophy Points:
    58
    Location:
    Milan
    cPanel Access Level:
    Root Administrator
    Hi rpvw

    thank you for the explanation.
    Yes, I use cmc regularly.

    I only had doubts about any false positives of OWASP, because I read lot of complaints.

    I will try to enable it.

    Thank you! ;)
     
  6. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    678
    Likes Received:
    228
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    As with many things in life, the universe and web hosting ....... one size often does NOT fit all!

    Your particular customers may use WP or Joomla extensions or configurations in a way that triggers false positives in the OWASP ModSecurity Core Rule Set V3.0, but the only way you will ever find out is if you enable it and then, unfortunately, spend some considerable time initially monitoring and analysing the results.

    You can always take the easy way out and just enable it, and deal with any screaming clients on a case by case basis - or even just tell them to switch it off if they don't like it.
     
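An added example, not code from the thread, from cPanel or from ConfigServer: a small Python script for the "monitoring and analysing" step in this post and the "quantify a rule" step in rpvw's earlier reply, tallying which CRS rule IDs fire on which domain from Apache error_log lines. The log lines, hostnames, URIs, client IPs and the rules-file path are constructed placeholders; rule IDs 942100, 941100, 949110 and 980130 are real CRS 3.0 identifiers.

```python
import re
from collections import Counter

# Constructed sample of the lines ModSecurity 2.x writes to the Apache error_log when
# OWASP CRS 3.0 rules match; hostnames, URIs, client IPs and the rules path are made up.
# In CRS 3 anomaly-scoring mode each matching rule logs a "Warning" and only the
# blocking-evaluation rule (949110) logs the actual "Access denied".
SAMPLE_LOG = """\
[Fri Nov 24 09:12:01 2017] [:error] [pid 2345] [client 203.0.113.5:51234] ModSecurity: Warning. detected SQLi using libinjection. [file "/PLACEHOLDER/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [hostname "shop.example.com"] [uri "/wp-admin/post.php"] [unique_id "c1"]
[Fri Nov 24 09:12:01 2017] [:error] [pid 2345] [client 203.0.113.5:51234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/PLACEHOLDER/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "36"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [hostname "shop.example.com"] [uri "/wp-admin/post.php"] [unique_id "c1"]
[Fri Nov 24 09:15:44 2017] [:error] [pid 2346] [client 203.0.113.5:51240] ModSecurity: Warning. detected SQLi using libinjection. [file "/PLACEHOLDER/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [hostname "shop.example.com"] [uri "/wp-admin/post.php"] [unique_id "c2"]
[Fri Nov 24 10:02:10 2017] [:error] [pid 2350] [client 198.51.100.7:40112] ModSecurity: Warning. detected XSS using libinjection. [file "/PLACEHOLDER/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [hostname "blog.example.org"] [uri "/administrator/index.php"] [unique_id "c3"]
[Fri Nov 24 10:02:10 2017] [:error] [pid 2350] [client 198.51.100.7:40112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/PLACEHOLDER/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "36"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [hostname "blog.example.org"] [uri "/administrator/index.php"] [unique_id "c3"]
"""

FIELD = re.compile(r'\[(id|msg|hostname|uri) "([^"]*)"\]')
# CRS 3 sums the per-rule anomaly scores in these evaluation/reporting rules; they
# fire on every block but are never the rule that needs tuning, so they are skipped.
AGGREGATE_RULES = {"949110", "980130"}
ADMIN_PREFIXES = ("/wp-admin/", "/administrator/")  # WordPress and Joomla back-ends

def parse_events(log_text):
    """One dict (id, msg, hostname, uri) per ModSecurity line that carries a rule id."""
    events = []
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue
        fields = dict(FIELD.findall(line))
        if "id" in fields:
            events.append(fields)
    return events

def count_by_host_and_rule(events):
    """Hits per (hostname, rule id): the numbers to take to cmc when deciding what to disable."""
    return Counter((ev.get("hostname", "?"), ev["id"])
                   for ev in events if ev["id"] not in AGGREGATE_RULES)

def admin_session_hits(events):
    """Subset of hits on CMS admin paths: the 'heavy admin editing session' case in the thread."""
    return Counter((ev.get("hostname", "?"), ev["id"])
                   for ev in events
                   if ev["id"] not in AGGREGATE_RULES and ev.get("uri", "").startswith(ADMIN_PREFIXES))

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    msgs = {ev["id"]: ev.get("msg", "") for ev in evs}
    for (host, rule), n in count_by_host_and_rule(evs).most_common():
        print(f"{host:18} rule {rule} ({msgs[rule]}): {n} hit(s)")
    print("on admin paths:", dict(admin_session_hits(evs)))
```

A rule that shows up repeatedly for one domain's admin path and never elsewhere is the kind of result that justifies a per-domain disable in cmc rather than a global one.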
  7. darwin7

    darwin7 Active Member

    Joined:
    Jun 9, 2011
    Messages:
    33
    Likes Received:
    4
    Trophy Points:
    58
    Location:
    Milan
    cPanel Access Level:
    Root Administrator
    Dear rpvw,

    Yes, there are so many plugins around that the only way is to check one by one for every account.

    Unfortunately, if I'm not wrong, from cPanel users can only enable/disable ModSecurity as a whole rather than a single ruleset. However, it's useful.

    Thank you for your valuable help!
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,729
    Likes Received:
    1,796
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    That's correct. I encourage you to vote and add feedback to the following feature requests if you'd like to see support for that added to the product:

    Modsecurity tools: Ability to ignore specific rule ID's per user account
    Configure ModSecurity Rules per user account and a way to allow users to see its ModSecurity logs

    Thanks!
     
  9. darwin7

    darwin7 Active Member

    Joined:
    Jun 9, 2011
    Messages:
    33
    Likes Received:
    4
    Trophy Points:
    58
    Location:
    Milan
    cPanel Access Level:
    Root Administrator
    Hello cPanelMichael

    this is great! Thank you :)

    Regards,
    /cq
     
    cPanelMichael likes this.
  10. thanasis

    thanasis Active Member

    Joined:
    Nov 24, 2017
    Messages:
    37
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator

    Hello darwin7,
    did you enable OWASP?
    Did you have any problems with WP, Joomla, OpenCart?
     
  11. darwin7

    darwin7 Active Member

    Joined:
    Jun 9, 2011
    Messages:
    33
    Likes Received:
    4
    Trophy Points:
    58
    Location:
    Milan
    cPanel Access Level:
    Root Administrator
    Hello,
    I enabled it on a test server with a few WP and Joomla installations and up to date I have had no issues!
    Thanks
     