Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OWASP ModSecurity Core Rule Set v3

Discussion in 'Security' started by joejordanbrown, Mar 6, 2017.

  1. joejordanbrown

    Joined:
    Nov 28, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United Kingdom
    cPanel Access Level:
    Root Administrator
    Shouldn't the OWASP vendor config file have the version added to the name or even another field to display the version. So if you have v2 and v3 installed you can differentiate between the two?

    If you look at the following files you will see they both have the exact same name

    v2
    http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP.yaml

    v3
    http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml

    Also i notice v3 displays v2.9.0 in that file, is that an error or just local versioning?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    This is addressed with internal case CPANEL-10477 in cPanel version 64:

    Fixed case CPANEL-10477: Update WHM to use the new ModSecurity ruleset.

    You'll see "OWASP ModSecurity Core Rule Set V3.0" as the vendor name in cPanel version 64. Additionally, the case includes the following conditions:

    Thank you.
     
  3. joejordanbrown

    Joined:
    Nov 28, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United Kingdom
    cPanel Access Level:
    Root Administrator
    Ok, thank you.
     
Loading...

Share This Page