Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Questions about enabling mod_security

Discussion in 'Security' started by meeven, May 22, 2018.

  1. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    132
    Likes Received:
    1
    Trophy Points:
    168
    I have a few questions on mod_security that puzzle me, so I thought I would ask for some help here to try and clarify them:

    1. I have mod_security enabled at the server level and have the OWASP ModSecurity Core Rule Set enabled, with all the 22 rules active. Rules engine is set to be processed. However, all the cPanel accounts on the server have mod_security turned off for their domains. Does this offer any real protection? I see lots of warnings in the mod_sec logs in WHM, which seems to suggest the server is being protected, but I am not sure. We have never had an account or server compromise with these settings in the last three years.
    2. Recently, I enabled OWASP ModSecurity Core Rule Set V3.0, in addition to the original Core Rule set. The idea was to protect some of our client sites from Drupalgeddon 2, but I haven't enabled any of the rules, yet, as I am unsure if this will clash with the existing rule set. Does anyone here have both the OWASP Core Rule sets (old and V3.0) working on their server?
    3. The reason I turned off mod_security at the cPanel account level is that it always caused problems with redirects for every domain; the moment it was enabled, any request to a page on the domain would redirect the user to the domain's home page. Is there a proper way to set things up to avoid this? After all, there must be a reason why it's available at the domain level.
    Thanks in advance for any insights anyone here can offer.
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,423
    Likes Received:
    1,958
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @meeven,

    While it can help protect against generalized Apache traffic not directed to specific domain names, you're not getting the most out of the protection if Mod Security is disabled on your accounts.

    This topic is discussed in more detail on the following thread:

    Upgrading mod security to OWASP 3.0

    This topic is discussed in more detail on the following thread:

    SOLVED - Stop ModSec redirecting on access denied

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    132
    Likes Received:
    1
    Trophy Points:
    168
    @cPanelMichael, sorry, I forgot to check back after posting my questions.

    Thank you very much for the links. I will check them out and update this thread with the results.
     
    cPanelMichael likes this.
  4. Zardiw

    Zardiw Active Member

    Joined:
    Sep 22, 2017
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Palm Springs
    cPanel Access Level:
    Root Administrator
    I love it when instead of explaining it, they send you to several other links.......which usually do NOT explain it.....not in detail to where somebody can actually IMPLEMENT the explanation.......lolol
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,423
    Likes Received:
    1,958
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Zardiw,

    I'm sorry to see you're having trouble finding a solution to an issue. I'm happy to help answer any specific questions you have or to help point you in the right direction.

    Regarding the use of links, we sometimes provide links to existing forum threads where similar topics are discussed. This is especially helpful with issues that fall outside our scope of support (e.g. custom Mod_Security rules) because it pushes the discussion to a thread that's more likely to receive feedback from other customers using a similar configuration.

    Let me know if there's anything I can do to help.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice