The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Minimal OWASP ModSecurity CRS Settings?

Discussion in 'Security' started by polariz, Feb 23, 2015.

  1. polariz

    polariz Member

    Joined:
    Feb 23, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I am using WHM and have installed OWASP ModSecurity CRS but I want to have the most crucial secure protections only that does not (or at least almost never) cause false positives. So what rules do you suggest to have enabled for this?

    I was thinking ONLY enabling these:

    • REQUEST-30-APPLICATION-ATTACK-LFI
    • REQUEST-31-APPLICATION-ATTACK-RFI
    • REQUEST-41-APPLICATION-ATTACK-SQLI
    • REQUEST-49-BLOCKING-EVALUATION


    Do you have any suggestions?
     
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    From what i'm learning, i think it all depends on what packages are running.
    For instance Joomla would require different rules disabling to WordPress.

    I was told that most installs would remove around 10 rules, but no one has told me any specific 10.
    I currently have 960008, 960009, 960015 and 981138 disabled.
    I'm not even sure if the results i was seeing were false or true, but i was seeing hundreds of results within 2 hours of installing OWASP.
     
  3. polariz

    polariz Member

    Joined:
    Feb 23, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I am also confused. When I first turned it on (all rules was set to default - ALL on) and I got hundreds of results after 2 min which made me turn it off completely.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You may find this thread helpful:

    OWASP - mod security and wordpress

    There are several posts regarding this rule list and it's usability.

    Thank you.
     
  5. polariz

    polariz Member

    Joined:
    Feb 23, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    cPanelMichael , Thanks for the info. I read that thread and also added a message unfortunately I just noticed alot of people addressing many of the issues like me.... Still I am waiting for an answer to my initial question mentioned in 1st post here.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,480
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I have removed your post in the other thread, cross posting only confuses an issue.


    There is no perfect list to suggest, IMHO. All of the Rulesets ideally could be used and the only need being to disable specific rules for your own needs. That thread you were linked to, discusses issues with Wordpress, some rules need to be disabled for it to work properly, for one example.
     
Loading...

Share This Page