OWASP Cpanel Rules - Experience

oempire

We enabled the OWASP ruleset/vendor over the weekend as it's been listed as a vendor for around a year now; however, I was surprised to find how horrible the ruleset is even after this long for the curation process.

WordPress began failing, even at simple things: image uploads, New Post, New Page, Menu adding.

The list goes on.

Magento was affected, Invision forums, custom scripts - it had a huge impact. There are some nonsensical rules as well.

I've started whitelisting the rules to specific folders/scripts to get around it, but the number of customers impacted is almost making me think to disable OWASP and go back to just my own ruleset and Comodo WAF, with which I found fewer false positives (some whitelisting still needed).

Perhaps we could, as a community, start a curation thread where we can weed out the false positives and make specific folder/file excludes that others can use.

I submitted feedback on around 40 rules this weekend, but to be honest it doesn't look promising if it's this long after release and there are so many basic false positives. Am I the only one sending feedback?
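An added example, not part of the original post and not cPanel or OWASP code: one way to triage the false positives described above before whitelisting, by grouping ModSecurity blocks by rule ID and path and emitting an exclusion scoped to that one path. The log lines, rule IDs 900001-900003, addresses and function names are constructed placeholders, and the distinct-client threshold is a review heuristic, not proof of a false positive.

```python
import re
from collections import defaultdict

# Constructed sample in the ModSecurity 2.x Apache error-log layout (timestamps
# trimmed). Rule IDs 900001-900003 and all addresses are placeholders.
SAMPLE_LOG = """\
[error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [msg "constructed"] [uri "/wp-admin/post.php"]
[error] [client 192.0.2.11] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [msg "constructed"] [uri "/wp-admin/post.php"]
[error] [client 192.0.2.12:41000] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [msg "constructed"] [uri "/wp-admin/post.php"]
[error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). [id "900002"] [msg "constructed"] [uri "/index.php"]
[error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). [id "900002"] [msg "constructed"] [uri "/index.php"]
[error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). [id "900003"] [msg "constructed"] [uri "/wp-admin/async-upload.php"]
[error] [client 192.0.2.11] ModSecurity: Access denied with code 403 (phase 2). [id "900003"] [msg "constructed"] [uri "/wp-admin/async-upload.php"]
[error] [client 192.0.2.10] File does not exist: /home/placeholder/favicon.ico
"""

# IPv4 clients only (assumption); an Apache 2.4 ":port" suffix is ignored.
HIT = re.compile(r'\[client (\d+(?:\.\d+){3})(?::\d+)?\] ModSecurity: .*?'
                 r'\[id "(\d+)"\].*?\[uri "([^"]*)"\]')

def tally(log):
    """Map (rule_id, uri) -> set of distinct client addresses that were blocked."""
    hits = defaultdict(set)
    for line in log.splitlines():
        m = HIT.search(line)
        if m:
            client, rule_id, uri = m.groups()
            hits[(rule_id, uri)].add(client)
    return hits

def candidates(log, min_clients=2):
    """Rule/URI pairs blocked for several distinct clients: review these first."""
    rows = [(rid, uri, len(c)) for (rid, uri), c in tally(log).items()
            if len(c) >= min_clients]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))

def exclusion_snippet(rule_id, uri):
    """Apache config removing one rule for one exact path, not server-wide."""
    pattern = re.sub(r'([.^$*+?()\[\]{}|\\])', r'\\\1', uri)  # escape regex metachars
    return (f'<LocationMatch "^{pattern}$">\n'
            f'  SecRuleRemoveById {rule_id}\n'
            f'</LocationMatch>')

if __name__ == "__main__":
    for rule_id, uri, n in candidates(SAMPLE_LOG):
        print(f"# rule {rule_id} blocked {n} distinct clients on {uri}")
        print(exclusion_snippet(rule_id, uri))
```

A pair that only one client triggers repeatedly (900002 on `/index.php` in the sample) is left out of the candidates, so the rule stays active there until someone has looked at the request.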
 

cPanelMichael
