Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Questions about enabling mod_security

Discussion in 'Security' started by meeven, May 22, 2018.

  1. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    132
    Likes Received:
    1
    Trophy Points:
    168
    I have a few questions on mod_security that puzzle me, so I thought I would ask for some help here to try and clarify them:

    1. I have mod_security enabled at the server level and have the OWASP ModSecurity Core Rule Set enabled, with all the 22 rules active. Rules engine is set to be processed. However, all the cPanel accounts on the server have mod_security turned off for their domains. Does this offer any real protection? I see lots of warnings in the mod_sec logs in WHM, which seems to suggest the server is being protected, but I am not sure. We have never had an account or server compromise with these settings in the last three years.
    2. Recently, I enabled OWASP ModSecurity Core Rule Set V3.0, in addition to the original Core Rule set. The idea was to protect some of our client sites from Drupalgeddon 2, but I haven't enabled any of the rules, yet, as I am unsure if this will clash with the existing rule set. Does anyone here have both the OWASP Core Rule sets (old and V3.0) working on their server?
    3. The reason I turned off mod_security at the cPanel account level is that it always caused problems with redirects for every domain; the moment it was enabled, any request to a page on the domain would redirect the user to the domain's home page. Is there a proper way to set things up to avoid this? After all, there must be a reason why it's available at the domain level.
    Thanks in advance for any insights anyone here can offer.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,740
    Likes Received:
    1,796
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @meeven,

    While it can help protect against generalized Apache traffic not directed to specific domain names, you're not getting the most out of the protection if Mod Security is disabled on your accounts.

    This topic is discussed in more detail on the following thread:

    Upgrading mod security to OWASP 3.0

    This topic is discussed in more detail on the following thread:

    SOLVED - Stop ModSec redirecting on access denied

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    132
    Likes Received:
    1
    Trophy Points:
    168
    @cPanelMichael, sorry, I forgot to check back after posting my questions.

    Thank you very much for the links. I will check them out and update this thread with the results.
     
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice