OWASP Cpanel Rules - Experience

Discussion in 'Security' started by oempire, Apr 17, 2016.

  1. oempire

    We enabled the OWASP ruleset/vendor over the weekend, as it's been listed as a vendor for around a year now; however, I was surprised to find how horrible the ruleset is even after this long for the curation process.

    WordPress began failing, even at simple things like image uploads, New Post, New Page, Menu adding.

    The list goes on.

    Magento was affected, Invision forums, custom scripts - it had a huge impact. There's some nonsensical rules as well.

    I've started whitelisting the rules to specific folders / scripts to get around it, but the number of customers impacted is almost making me think to disable OWASP and go back to just my own ruleset and Comodo WAF - in which I found fewer false positives (some whitelisting still needed).

    Perhaps we could as a community start a curation thread, where we can weed out the false positives and make specific folder / file excludes that others can use.

    I submitted feedback on around 40 rules this weekend - but to be honest it doesn't look promising if it's this long after release and there's so many basic false positives. Am I the only one sending feedback?
  2. cPanelMichael

    Hello :)

    You can find a thread on this at:

    OWASP - mod security and wordpress

    Thank you.
