The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

new configurations for ModSecurity (11.46 update)

Discussion in 'Security' started by gnsw, Nov 6, 2014.

  1. gnsw

    gnsw Member

    Joined:
    Aug 6, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello, After upgrading cPanel to 11.46 are new configurations for Mod_security
    specifically this option;

    Connections Engine SecConnEngine:
    - Process the rules.
    - Do not process the rules. (Default)
    - Process the rules in verbose mode, but do not execute disruptive actions.

    which is the recommended option?

    thanks
     
  2. BillyS

    BillyS Active Member

    Joined:
    Mar 22, 2013
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Re: new configurations for Mod_security (11.46 update)

    I have the same question.. documentation is very thin on this topic.
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Re: new configurations for Mod_security (11.46 update)

    SecConnEngine is not really well documented in the ModSecurity manual either:

    https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecConnEngine

    The main important one is SecRuleEngine; that should always be on for your rules to work.

    The connections engine I believe is used for settings like SecConnReadStateLimit:

    https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#secconnreadstatelimit

    This can be used to defend certain DoS attacks but I haven't seen it used much.
     
  4. studioq

    studioq Member

    Joined:
    Dec 9, 2014
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Re: new configurations for Mod_security (11.46 update)

    I tried implementing the OWASP ModSecurity Core Rule Set last night and completely broke Apache and presumably Mod_Security - ended up having to restore from an image. No matter what I tried...Easy Apache to rebuild, disabling mod_security - which is near impossible - I couldn't get it running.

    So now that I'm back up and running from a clean image...

    I'm finding the documentation on anything having to do with cPanel and Mod_security very, very thin.

    It would be nice to see a cPanel sponsored tutorial on exactly how to implement rule sets, custom rules, etc... Particularly if it's going to result in a crashed server that ends up on life support when people try to figure out how to do it on their own.

    Right now things seems caught between "not really ready for prime-time" and "might be ready by 11.48..."
     
Loading...

Share This Page