Are the latest OWASP rules reliable?

darwin7 (Active Member, joined Jun 9, 2011, Milan, cPanel Access Level: Root Administrator)
Good morning

I was planning to enable OWASP ruleset for ModSecurity and I searched around some information.

Then, I found some worrying complaints (for example here OWASP Cpanel Rules - Experience) and I'm reviewing my plans.

Since I read somewhere that OWASP rules have been recently updated, I would like to ask you if you are using OWASP/ModSecurity rules and why they are suggested or not suggested.

Thank you!
/cq

rpvw (Well-Known Member, joined Jul 18, 2013, UK, cPanel Access Level: Root Administrator)
Yes I have both WP and Joomla sites. Some site owners find they sometimes need to switch off ModSec in their cPanels for heavy admin editing sessions - but I have had no complaints from website owners that their sites are having any issues serving their customers.

Curiously, I made considerable effort to try and track down if any particular plugin or extension was problematic - with absolutely no consistent nor quantifiable results. The website owners seem happy enough to pop into their cPanel and switch off the ModSec for the duration of an admin editing session if they find they are getting unexpected events.

My website owners (all companies) respect the increased security that ModSec offers them, and value that over the inconvenience of having to occasionally disable it and then re-enable it in cPanel.

If you are able to quantify a rule that is causing your website operator issues, you can easily use the ConfigServer ModSecurity Control (cmc) to disable that rule, either globally, or on a per domain basis.
 

darwin7 (Active Member, joined Jun 9, 2011, Milan, cPanel Access Level: Root Administrator)
Hi rpvw,

Thank you for the explanation.
Yes, I use cmc regularly.

I only had doubts about any false positives of OWASP, because I read a lot of complaints.

I will try to enable it.

Thank you! ;)
 

rpvw (Well-Known Member, joined Jul 18, 2013, UK, cPanel Access Level: Root Administrator)
As with many things in life, the universe and web hosting... one size often does NOT fit all!

Your particular customers may use WP or Joomla extensions or configurations in a way that trigger false positives in the OWASP ModSecurity Core Rule Set V3.0, but the only way you will ever find out is if you enable it and then, unfortunately, spend some considerable time initially monitoring and analysing the results.

You can always take the easy way out and just enable it, and deal with any screaming clients on a case by case basis - or even just tell them to switch it off if they don't like it.
 
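The monitoring rpvw describes, and the per-domain rule exclusion from the earlier post, as an added example that is not code from this thread, from cmc or from cPanel: a Python script that tallies ModSecurity 2.x hits from the Apache error_log by hostname and rule ID, so a rule that keeps firing on one domain's admin editing sessions stands out, and then renders a Host-keyed exclusion for that domain only. The log lines are constructed samples (CRS rule IDs are real, hostnames, URIs, paths and unique_ids are made up); the exclusion rule's id 10000 and where it would be placed are assumptions. A high hit count is only a lead: the matching requests still have to be read before a rule is removed.

```python
"""Tally ModSecurity (Apache error_log) rule hits per hostname to find
candidate false positives, then render a per-domain exclusion for review."""
import re
from collections import defaultdict

# ModSecurity 2.x appends bracketed key/value fields to each error_log line,
# e.g. [id "941100"] [hostname "shop.example.com"]; values may contain \" escapes.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

# Constructed sample lines (not real traffic). The last line is an ordinary
# Apache message so the parser's skip path is exercised too.
SAMPLE_LOG = [
    '[Tue Mar 06 10:15:22.000001 2018] [:error] [pid 1234] [client 198.51.100.10:51234] '
    'ModSecurity: Warning. Pattern match "..." at ARGS:content. '
    '[file "/path/to/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] '
    '[id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] '
    '[ver "OWASP_CRS/3.0.2"] [hostname "shop.example.com"] [uri "/wp-admin/post.php"] '
    '[unique_id "constructed-1"]',
    '[Tue Mar 06 10:16:01.000001 2018] [:error] [pid 1234] [client 198.51.100.10:51240] '
    'ModSecurity: Warning. Pattern match "..." at ARGS:content. '
    '[file "/path/to/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] '
    '[id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] '
    '[hostname "shop.example.com"] [uri "/wp-admin/post.php"] [unique_id "constructed-2"]',
    '[Tue Mar 06 10:17:40.000001 2018] [:error] [pid 1235] [client 198.51.100.10:51251] '
    'ModSecurity: Warning. Pattern match "..." at ARGS:data. '
    '[file "/path/to/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] '
    '[id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] '
    '[hostname "shop.example.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "constructed-3"]',
    '[Tue Mar 06 11:02:09.000001 2018] [:error] [pid 1236] [client 203.0.113.7:40112] '
    'ModSecurity: Warning. Pattern match "..." at ARGS:jform[articletext]. '
    '[file "/path/to/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] '
    '[id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] '
    '[hostname "blog.example.net"] [uri "/administrator/index.php"] [unique_id "constructed-4"]',
    '[Tue Mar 06 11:30:00.000001 2018] [core:notice] [pid 1230] AH00094: Command line: '
    "'/usr/sbin/httpd -D SSL'",
]


def parse_modsec_line(line):
    """Return the bracketed fields of one ModSecurity line as a dict,
    or None for lines ModSecurity did not write or that lack id/hostname."""
    if "ModSecurity:" not in line:
        return None
    fields = {k: v.replace('\\"', '"') for k, v in FIELD_RE.findall(line)}
    if "id" not in fields or "hostname" not in fields:
        return None
    return fields


def summarize(lines):
    """hostname -> rule id -> {"count", "msg", "uris"} over all parsed hits."""
    summary = defaultdict(dict)
    for line in lines:
        f = parse_modsec_line(line)
        if f is None:
            continue
        entry = summary[f["hostname"]].setdefault(
            f["id"], {"count": 0, "msg": f.get("msg", ""), "uris": set()})
        entry["count"] += 1
        entry["uris"].add(f.get("uri", ""))
    return summary


def candidate_false_positives(summary, min_hits=2):
    """(hostname, rule id, count) for rules that fired at least min_hits times
    on one hostname, most frequent first. A lead for human review, not a verdict."""
    rows = [(host, rid, e["count"])
            for host, rules in summary.items()
            for rid, e in rules.items() if e["count"] >= min_hits]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))


def render_domain_exclusion(hostname, rule_ids, rule_id=10000):
    """ModSecurity 2.x config text that removes the given CRS rule IDs for one
    Host header only, so it can sit in global config. rule_id is an assumed
    free ID in the local range; the operator must pick one that is unused."""
    ctls = ",".join(f"ctl:ruleRemoveById={rid}" for rid in sorted(rule_ids))
    return (
        f"# constructed exclusion for {hostname}; review the matching requests first\n"
        f'SecRule REQUEST_HEADERS:Host "@streq {hostname}" '
        f'"id:{rule_id},phase:1,pass,nolog,{ctls}"\n'
    )


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for host, rid, count in candidate_false_positives(summary):
        e = summary[host][rid]
        print(f"{host}: rule {rid} x{count} ({e['msg']}) on {sorted(e['uris'])}")
        print(render_domain_exclusion(host, [rid]))
```

Run it against a real error_log with `summarize(open(path))`; the same parsing applies to lines written to the Apache error_log by ModSecurity 2.x, while the JSON-style audit log that some cPanel builds enable needs a different reader. Whatever tool writes the exclusion (cmc does this through its own interface), the decision to exclude should rest on the URIs and argument names in the summary, not on the count alone: three hits on /wp-admin/post.php from one editor look very different from three hits on a public form.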

darwin7 (Active Member, joined Jun 9, 2011, Milan, cPanel Access Level: Root Administrator)
Dear rpvw,

> Your particular customers may use WP or Joomla extensions or configurations in a way that trigger false positives in the OWASP ModSecurity Core Rule Set V3.0, but the only way you will ever find out is if you enable it and then, unfortunately, spend some considerable time initially monitoring and analysing the results.

Yes, there are so many plugins around that the only way is to check one by one for every account.

> You can always take the easy way out and just enable it, and deal with any screaming clients on a case by case basis - or even just tell them to switch it off if they don't like it.

Unfortunately, if I'm not wrong, from cPanel users can only enable/disable the whole of ModSecurity rather than a single ruleset. However, it's useful.

Thank you for your valuable help!
 

cPanelMichael (Administrator, Staff member, joined Apr 11, 2011)

> Unfortunately, if I'm not wrong, from cPanel users can only enable/disable the whole of ModSecurity rather than a single ruleset. However, it's useful.

Hello,

That's correct. I encourage you to vote and add feedback to the following feature requests if you'd like to see support for that added to the product:

Modsecurity tools: Ability to ignore specific rule ID's per user account
Configure ModSecurity Rules per user account and a way to allow users to see its ModSecurity logs

Thanks!
 

thanasis (Well-Known Member, joined Nov 24, 2017, Greece, cPanel Access Level: Root Administrator)
> Hi rpvw,
>
> Thank you for the explanation.
> Yes, I use cmc regularly.
>
> I only had doubts about any false positives of OWASP, because I read a lot of complaints.
>
> I will try to enable it.
>
> Thank you! ;)

Hello darwin7,
Did you enable OWASP?
Did you have any problems with WP, Joomla, OpenCart?