Revert to mod_security 2.7.7

Hi. Totally agree with the OP. This is always a bone of contention. I really wish cpanel would offer a bit more control over the ModSec version. ModSecurity 2.8 has a few bugs, and one of them has meant that anyone using Atomic Corp Realtime Rules (I'm sure we are not alone here) are finding problems as follows:

Atomicorp • View topic - Syntax error?

The fix is simply to get rid of any CIDR notations from the ipMatch parameters. This script will fix the current problem but I expect there will be more to come unless Atomic Corp either support 2.8 or cPanel allow a downgrade - between the two organisations us poor hosters are getting the rough end of the stick.

Code:

#!/bin/bash
#TEMPORARY PATCH DUE TO MODSEC 2.8 BUG
IFS=$'\n'
declare -a Files=($(egrep -l "ipMatch 127.0.0.0/8" /usr/local/apache/conf/modsec_rules/*))
unset IFS
for File in "${Files[@]}"; do
   /bin/sed -i -e 's:ipMatch 127\.0\.0\.0\/8:ipMatch 127.0.0.1:' $File
done

 

Disappointed with this response. I am slightly less disappointed with Atomic Corp's response:

Atomicorp • View topic - Syntax error?

because I sympathise with their point of view that 2.8 is too buggy.

It begs the question - Why push out Mod Security 2.8 when there were very clearly documented problems with it:

https://github.com/SpiderLabs/ModSecurity/issues/706

...and one of the biggest players in managed Mod Security rulesets won't even touch it? This was poorly managed, poorly researched, and a bad decision that has negatively affected, I expect, a lot of customers.

 

Totally agree.

Not good kick ball out, "you put a ticket" "request an improvement"

The criticism is constructive, and Cpanel error is clear. He opted for a very recent version of mod_security that came with bugs and that is a problem for thousands of users running Cpanel + AtomicRules and other rules.

The reaction from Cpanel should be another, to offer the downgrade or method to execute without easyapache use the version 2.8

Should not send the user to "Submit A Feature Request"

Reaction proactive versus traditional reaction

 

I don't fault cPanel or ASL here, though I did ping someone regarding https://github.com/SpiderLabs/ModSecurity/issues/706

Hopefully it gets patched soon and the updated version can get into EA.

edit: I'd also support EA just going back to 2.7.x until the major rule sets are "happy" with 2.8, or offering the choice between the two. There are some nice new features in 2.8 I'd like to use, but they're not super urgent.

 

Hi everyone,

We are beginning work to revert mod_security back to version 2.7.7. Please watch the EasyApache forums and our change log for the upcoming release.

Thanks for your feedback!

 

Hi everyone,

EasyApache 3.24.21 has been published. Please take a moment to view our change log.

This version of EasyApache addresses the issues with mod_security 2.8.0 and a particular rule set that would cause EasyApache to not function as expected. Originally a revert to mod_security 2.7.7 seemed the most likely solution to solve this problem. Thankfully we have identified a less invasive and more precise change rather than reverting back to mod_security 2.7.7. We have applied the patch that addresses the issues with the offending rule in EasyApache 3.24.21.

We were able to utilize a patch provided here. The developers have indicated that this patch will be part of the mod_security 2.8.1 release candidate. EasyApache will update mod_security to version 2.8.1 when it has been released.

Thank you all for your patience and helpful feedback. It's an been an integral part of the troubleshooting process. Please let us know if there are any additional questions.

 

" that cPanel does not provide ModSecurity"

Disapointted... Cpanel offer ModSecurity...
EasyApache mod_security Module

 

Hi speckados,

I hope I can help address your concern. EasyApache does provide access to the ModSecurity software as you see in the documentation you found. ModSecurity is released and maintained by groups outside of cPanel. This is the same with all components of EasyApache such as PHP and Apache itself. EasyApache is a tool that helps to utilize and deploy this software in a convenient and safe manner.

cPanelPeter's comment that "cPanel does not provide ModSecurity" simply means that cPanel is not the initial developer of the software. We also carefully review and test all new updates to EasyApache. This recent issue with ModSecurity has led to improved test coverage from the ModSecurity developers themselves as seen here. This is a learning experience for not just the ModSecurity developers, but also for cPanel and EasyApache.

Please let me know if you have any other questions or have ideas how to improve our integration of ModSecurity. Thanks!