new configurations for ModSecurity (11.46 update)

[gnsw]

Hello, After upgrading cPanel to 11.46 are new configurations for Mod_security
specifically this option;

Connections Engine SecConnEngine:
- Process the rules.
- Do not process the rules. (Default)
- Process the rules in verbose mode, but do not execute disruptive actions.

which is the recommended option?

thanks

 

[BillyS]

Re: new configurations for Mod_security (11.46 update)

I have the same question.. documentation is very thin on this topic.

 

[quizknows]

Re: new configurations for Mod_security (11.46 update)

SecConnEngine is not really well documented in the ModSecurity manual either:

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecConnEngine

The main important one is SecRuleEngine; that should always be on for your rules to work.

The connections engine I believe is used for settings like SecConnReadStateLimit:

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#secconnreadstatelimit

This can be used to defend certain DoS attacks but I haven't seen it used much.

 

[studioq]

Re: new configurations for Mod_security (11.46 update)

I tried implementing the OWASP ModSecurity Core Rule Set last night and completely broke Apache and presumably Mod_Security - ended up having to restore from an image. No matter what I tried...Easy Apache to rebuild, disabling mod_security - which is near impossible - I couldn't get it running.

So now that I'm back up and running from a clean image...

I'm finding the documentation on anything having to do with cPanel and Mod_security very, very thin.

It would be nice to see a cPanel sponsored tutorial on exactly how to implement rule sets, custom rules, etc... Particularly if it's going to result in a crashed server that ends up on life support when people try to figure out how to do it on their own.

Right now things seems caught between "not really ready for prime-time" and "might be ready by 11.48..."