Re: Red Hat mod_security Rules to Mitigate Shellshock

lorio

Well-Known Member
Feb 25, 2004
309
17
168
cPanel Access Level
Root Administrator
What is the status of the mod_security rules made by cpanel project? There was a survey lightsyears ago about subscription and willingness to pay.

These rule could be offered by cpanel directly like the default setup provided with the mod_securitly module.
The overhaul of the gui which will be available with the next release is a nice improvement. But the rules itself could get an improvement. The id enumeration alone would be good thing.
 
Last edited:

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,608
77
308
cPanel Access Level
Root Administrator
Note: I moved your request into its own thread.

The project to provide an improved mod_security is underway. In 11.46 you'll see the first outcome, which are significantly improved tools for managing the rules you currently have.

The team is currently working on providing the OWASP mod_security rules to all cPanel & WHM servers. You can follow the status of the project in these feature requests:


We see the work with OWASP as a possible stepping stone to offering commercial rule sets.