
The Community Forums


SecConnEngine - why is default off?

Discussion in 'Security' started by jndawson, Jul 10, 2017.

  1. jndawson

    jndawson Well-Known Member

    Joined:
    Aug 27, 2014
    Messages:
    202
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    Western US
    cPanel Access Level:
    DataCenter Provider
    We come back to this question every once in a while and never find an answer.

    The WHM default for the mod_sec setting SecConnEngine is 'Do not process the rules'. There is practically nothing available anywhere that actually describes what the setting is for other than 'determines the actions of the connection engine', which is self evident.

    So, why is the default setting off and what happens when we turn it on?
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    89
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Turning on SecConnEngine simply enables the option to use SecConn[Read|Write]StateLimit settings. These can be used as slowloris mitigation so one IP cannot eat up all your available apache threads. The example below would limit any IPs other than localhost to 50 connections per IP.

    Example Usage: SecConnReadStateLimit 50 "!@ipMatch 127.0.0.1"

    So basically if you had the above rule, but SecConnEngine was off, the above rule would not be processed. Same if you set a rule for SecConnWriteStateLimit.
     
    linux4me2 and cPanelMichael like this.
  3. jndawson

    jndawson Well-Known Member

    Joined:
    Aug 27, 2014
    Messages:
    202
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    Western US
    cPanel Access Level:
    DataCenter Provider
    Yes, and that's not answering the question of why the default is off.
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    89
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    I would guess the default is off because most rule sets don't include read/write state limits by default. Generally you only turn those on if you're under attack.
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,532
    Likes Received:
    1,966
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @jndawson,

    Internal case CPANEL-4767 is open to improve the SecConnEngine description in "WHM >> ModSecurity Configuration". I don't have a specific time frame to offer for the publication of any changes to the description, but I'll monitor the case and update this thread with more information as it becomes available.

    Additionally, here's a quote from the case about the purpose of this option:

    Thank you.
     
  6. jndawson

    jndawson Well-Known Member

    Joined:
    Aug 27, 2014
    Messages:
    202
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    Western US
    cPanel Access Level:
    DataCenter Provider
    That's great - thanks.

    Why is the default set to off?
     
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,532
    Likes Received:
    1,966
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    There are no SecConnRead or WriteStateLimit values configured by default so the SecConnEngine option isn't needed.

    Thank you.
     
    linux4me2 and quizknows like this.
  8. jndawson

    jndawson Well-Known Member

    Joined:
    Aug 27, 2014
    Messages:
    202
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    Western US
    cPanel Access Level:
    DataCenter Provider
    Thanks!
     
  9. Ricardo Buchalla Auada

    Joined:
    Jun 3, 2018
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    São Paulo - Brazil
    cPanel Access Level:
    Root Administrator

    Is there a manual on how to create these rules ?
     
  10. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,532
    Likes Received:
    1,966
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  11. jeffschips

    jeffschips Active Member

    Joined:
    Jun 5, 2016
    Messages:
    29
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    new york
    cPanel Access Level:
    Root Administrator
    Can someone dumb-down the reply a bit? Stating "Turning on SecConnEngine simply enables the option to use SecConn[Read|Write]StateLimit settings. These can be used as slowloris mitigation so one IP cannot eat up all your available apache threads. . . ."

    What does "slowloris" mean?

    Basically, what is the difference between having SecConnEngine on vs. off, and the same for SecRuleEngine? Going to the provided link in the app doesn't provide a clue.

    Thanks.
     
  12. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,585
    Likes Received:
    440
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
  13. jeffschips

    jeffschips Active Member

    Joined:
    Jun 5, 2016
    Messages:
    29
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    new york
    cPanel Access Level:
    Root Administrator
    Thank you *soooo* much for providing that. It clears up a lot for me.
     
    Infopro likes this.
  14. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    119
    Likes Received:
    4
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    By this do you mean default in the module ?
    Or did you mean the module as well as the default OWASP ruleset cPanel provides (at least currently)?

    One of our servers was optimized by the datacenter. In what folder would I "grep -r" to see if any such rules have been added after the fact?
     
  15. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,532
    Likes Received:
    1,966
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @ottdev,

    The SecConnEngine option isn't enabled by default because the default rules (including ones enabled as part of the OWASP ruleset) do not utilize SecConnRead or WriteStateLimit values. You are welcome to enable the SecConnEngine option via WHM Security Center » ModSecurity™ Configuration » Configure Global Directives if it's needed for your own custom rules.

    You can review a list of all enabled rules in WHM Home » Security Center » ModSecurity™ Tools » Rules List.

    Thank you.
     
  16. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    119
    Likes Received:
    4
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    The rules list is too cumbersome to search thru several pages.
    What folders are they all living in as grep -r will be much easier?
    Never mind: ultimately all appear to be within /etc/apache2/conf.d/
     
    #16 ottdev, Aug 9, 2018
    Last edited: Aug 9, 2018
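The following is an added example, not code from the thread, from cPanel or from ModSecurity's own distribution. It ties together two points raised above: quizknows's note in post #2 that SecConnRead/WriteStateLimit directives are silently ignored unless SecConnEngine is on, and ottdev's question about grepping a conf tree (the thread settles on /etc/apache2/conf.d/) for such rules. The script emits a sample include fragment and then audits a directory for the "limits present, engine off" mismatch. The limit of 50, the 10.0.0.0/8 exemption range, and every file name are assumptions; the demo runs on constructed files, not on a real server.

```shell
#!/bin/sh
# Added example (not from the thread or from cPanel). Two pieces:
#   1. slowloris_conf  - a ModSecurity include fragment that turns the
#                        connection engine on and sets per-IP limits;
#   2. audit_secconn   - grep a conf tree (the thread points at
#                        /etc/apache2/conf.d/) for SecConnEngine and
#                        SecConn{Read,Write}StateLimit and flag limits that
#                        are present while the engine is off.
# Limits of 50, the 10.0.0.0/8 range and all file names are assumptions.

slowloris_conf() {
    cat <<'EOF'
# Connection-engine limits are only evaluated when SecConnEngine is On
# (ModSecurity 2.x also accepts DetectionOnly, which logs without blocking).
SecConnEngine On
# Max concurrent connections per client IP still in the READ state (client
# slowly sending headers/body, the slowloris pattern); exempt localhost and
# an assumed monitoring range.
SecConnReadStateLimit 50 "!@ipMatch 127.0.0.1,10.0.0.0/8"
# Same cap for the WRITE state (server still sending the response).
SecConnWriteStateLimit 50 "!@ipMatch 127.0.0.1,10.0.0.0/8"
EOF
}

# Print the last uncommented SecConnEngine value found under $1 ("On", "Off",
# "DetectionOnly", case preserved) or "unset". grep -r order only approximates
# Apache's include order; the order Apache actually loads the files is the
# real arbiter, so treat a mixed result as something to inspect by hand.
secconn_engine_state() {
    val=$(grep -rhiE '^[[:space:]]*SecConnEngine[[:space:]]+' "$1" 2>/dev/null \
          | tail -n 1 | awk '{print $2}')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf 'unset\n'; fi
}

# Count uncommented SecConnReadStateLimit/SecConnWriteStateLimit directives
# under $1 (a leading "#" means the line never matches the anchored regex).
secconn_limit_count() {
    grep -rhiE '^[[:space:]]*SecConn(Read|Write)StateLimit[[:space:]]+' "$1" 2>/dev/null \
        | grep -c . || true
}

# Classify a conf tree:
#   ok              engine on and limits present: the mitigation is live
#   limits-ignored  limits present but engine off/unset: never processed
#   engine-unused   engine on, no limits: harmless but does nothing
#   none            neither configured (cPanel's shipped default)
audit_secconn() {
    engine=$(secconn_engine_state "$1" | tr 'A-Z' 'a-z')
    limits=$(secconn_limit_count "$1")
    if [ "$limits" -gt 0 ]; then
        if [ "$engine" = on ]; then echo ok; else echo limits-ignored; fi
    else
        if [ "$engine" = on ]; then echo engine-unused; else echo none; fi
    fi
}

# Demo on constructed files, not real server output. On a live cPanel box
# you would run: audit_secconn /etc/apache2/conf.d
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/fixed" "$tmp/broken"
    slowloris_conf > "$tmp/fixed/modsec_slowloris.conf"
    # Limits dropped in, but WHM's default "Do not process the rules" kept.
    printf 'SecConnEngine Off\n' > "$tmp/broken/modsec2.conf"
    printf 'SecConnReadStateLimit 50 "!@ipMatch 127.0.0.1"\n' > "$tmp/broken/custom.conf"
    echo "fixed:  $(audit_secconn "$tmp/fixed")"
    echo "broken: $(audit_secconn "$tmp/broken")"
    rm -rf "$tmp"
}
demo
```

The "limits-ignored" result is the case this thread is about: someone (a datacenter "optimizing" a server, for instance) drops a SecConnReadStateLimit rule into a custom include, but the WHM global directive is still set to "Do not process the rules", so the rule exists on disk and does nothing. Run the audit after any change to the ModSecurity global directives, and remember that a DetectionOnly engine also leaves the limits unenforced.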
  17. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,532
    Likes Received:
    1,966
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator