The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Re: Red Hat mod_security Rules to Mitigate Shellshock

Discussion in 'General Discussion' started by lorio, Oct 8, 2014.

  1. lorio

    lorio Well-Known Member

    Joined:
    Feb 25, 2004
    Messages:
    243
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    What is the status of the mod_security rules made by cpanel project? There was a survey lightsyears ago about subscription and willingness to pay.

    These rule could be offered by cpanel directly like the default setup provided with the mod_securitly module.
    The overhaul of the gui which will be available with the next release is a nice improvement. But the rules itself could get an improvement. The id enumeration alone would be good thing.
     
    #1 lorio, Oct 8, 2014
    Last edited: Oct 8, 2014
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Note: I moved your request into its own thread.

    The project to provide an improved mod_security is underway. In 11.46 you'll see the first outcome, which are significantly improved tools for managing the rules you currently have.

    The team is currently working on providing the OWASP mod_security rules to all cPanel & WHM servers. You can follow the status of the project in these feature requests:


    We see the work with OWASP as a possible stepping stone to offering commercial rule sets.
     
  3. lorio

    lorio Well-Known Member

    Joined:
    Feb 25, 2004
    Messages:
    243
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Thanks for the update, Kenneth.
     
Loading...

Share This Page