The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security or not?

Discussion in 'Security' started by GoWilkes, Mar 3, 2014.

  1. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I have CSF installed and running fine. It recommends, though, that I install mod_security:

    You should install the mod_security apache module during the easyapache build process to help prevent exploitation of vulnerable web scripts, together with a set of SecFilters

    I did a search online and found several problems related to this module, but most of what I read was from a few years ago. So I don't know if those problems are no longer relevant, or if people have just stopped installing mod_security.

    If I'm not having any immediate problems, is this something I should install to prevent possible future problems? Or should I just not worry about it until I need it?
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    I actually find mod_security to be one of our most valuable defenses against web-based attacks. Working for a rather large hosting provider, it's nice to be able to trend a specific type of attack and write a custom rule to block it. There are some incompatibilities (for example, it won't work with mod_ruid2), but you'll probably want to check your specific setup.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Yes, the only major issue I am aware of with Mod_Security is when it's used in conjunction with Mod_Ruid2. This should be addressed in a future EasyApache build in the near future.

    Thank you.
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I agree completely. It's extremely valuable for stopping attacks from hitting CMSes before people patch/update them, among other things. I've even defended some certain types of DoS attacks very successfully with ModSecurity.

    Most of the people who have "problems" with modsecurity are too lazy or inexperienced to whitelist or remove rules which conflict with their applications.

    At the end of the day, modsecurity only blocks things that it has rules telling it to block (just like any firewall). If it's blocking something it shouldn't be blocking, you can remove or whitelist a rule. It really is that simple the vast majority of the time. Don't let lazy web developers convince you otherwise.
     
Loading...

Share This Page