GoWilkes

I have CSF installed and running fine. It recommends, though, that I install mod_security:

You should install the mod_security apache module during the easyapache build process to help prevent exploitation of vulnerable web scripts, together with a set of SecFilters

I did a search online and found several problems related to this module, but most of what I read was from a few years ago. So I don't know if those problems are no longer relevant, or if people have just stopped installing mod_security.

If I'm not having any immediate problems, is this something I should install to prevent possible future problems? Or should I just not worry about it until I need it?
 

vanessa

I actually find mod_security to be one of our most valuable defenses against web-based attacks. Working for a rather large hosting provider, it's nice to be able to trend a specific type of attack and write a custom rule to block it. There are some incompatibilities (for example, it won't work with mod_ruid2), but you'll probably want to check your specific setup.
 

cPanelMichael

Administrator
Staff member
Hello :)

Yes, the only major issue I am aware of with Mod_Security is when it's used in conjunction with Mod_Ruid2. This should be addressed in a future EasyApache build in the near future.

Thank you.
 

quizknows

> I actually find mod_security to be one of our most valuable defenses against web-based attacks. Working for a rather large hosting provider, it's nice to be able to trend a specific type of attack and write a custom rule to block it. There are some incompatibilities (for example, it won't work with mod_ruid2), but you'll probably want to check your specific setup.

I agree completely. It's extremely valuable for stopping attacks from hitting CMSes before people patch/update them, among other things. I've even defended against certain types of DoS attacks very successfully with ModSecurity.

Most of the people who have "problems" with modsecurity are too lazy or inexperienced to whitelist or remove rules which conflict with their applications.

At the end of the day, modsecurity only blocks things that it has rules telling it to block (just like any firewall). If it's blocking something it shouldn't be blocking, you can remove or whitelist a rule. It really is that simple the vast majority of the time. Don't let lazy web developers convince you otherwise.
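
The triage step behind "remove or whitelist a rule", as an added example that is not part of the original thread: it tallies ModSecurity denials per rule id and URI from Apache error-log lines and renders a path-scoped `SecRuleRemoveById` exclusion. The log lines, rule ids, hosts and file paths are constructed, and the ModSecurity 2.x log layout is an assumption about the setup.

```python
import re
from collections import Counter

# Constructed sample lines in the ModSecurity 2.x Apache error-log style.
# Rule ids, hosts, client IPs and file paths are made up for illustration.
SAMPLE_LOG = """\
[Mon Jan 06 10:01:02 2014] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "union.+select" at ARGS:q. [file "/etc/modsec/custom.conf"] [line "10"] [id "1000001"] [msg "SQLi probe"] [hostname "shop.example.com"] [uri "/search.php"] [unique_id "a1"]
[Mon Jan 06 10:05:40 2014] [error] [client 198.51.100.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script" at ARGS:content. [file "/etc/modsec/custom.conf"] [line "20"] [id "1000002"] [msg "XSS filter"] [hostname "blog.example.com"] [uri "/admin/post.php"] [unique_id "a2"]
[Mon Jan 06 10:09:13 2014] [error] [client 198.51.100.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script" at ARGS:content. [file "/etc/modsec/custom.conf"] [line "20"] [id "1000002"] [msg "XSS filter"] [hostname "blog.example.com"] [uri "/admin/post.php"] [unique_id "a3"]
[Mon Jan 06 10:10:00 2014] [error] [client 198.51.100.9] File does not exist: /home/user/public_html/favicon.ico
"""

DENY_RE = re.compile(r'\[client (?P<client>[^\]]+)\] ModSecurity: Access denied')
FIELD_RE = re.compile(r'\[(id|hostname|uri) "([^"]*)"\]')

def parse_denials(log_text):
    """Return one dict per 'Access denied' line: client, id, hostname, uri."""
    events = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # not a ModSecurity block, e.g. a plain 404 error
        fields = dict(FIELD_RE.findall(line))
        if "id" in fields:  # a rule without an id cannot be removed by id
            events.append({"client": m.group("client"), **fields})
    return events

def summarize(events):
    """Map (rule id, hostname, uri) -> (hit count, distinct client count)."""
    hits, clients = Counter(), {}
    for e in events:
        key = (e["id"], e.get("hostname", "-"), e.get("uri", "-"))
        hits[key] += 1
        clients.setdefault(key, set()).add(e["client"])
    return {k: (n, len(clients[k])) for k, n in hits.items()}

def exclusion_for(rule_id, uri):
    """Render a per-path exclusion instead of disabling the rule everywhere."""
    return ('<LocationMatch "^%s$">\n    SecRuleRemoveById %s\n</LocationMatch>'
            % (re.escape(uri), rule_id))

if __name__ == "__main__":
    for key, (n, distinct) in sorted(summarize(parse_denials(SAMPLE_LOG)).items()):
        print(key, "hits=%d clients=%d" % (n, distinct))
    print(exclusion_for("1000002", "/admin/post.php"))
```

Review the request behind each tally before excluding anything: the summary only shows where a rule fires, not whether the blocked traffic was legitimate.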