SecConnEngine - why is default off?

Discussion in 'Security' started by jndawson, Jul 10, 2017.

  1. jndawson

    jndawson Well-Known Member

    We come back to this question every once in a while and never find an answer.

    The WHM default for the mod_sec setting SecConnEngine is 'Do not process the rules'. There is practically nothing available anywhere that actually describes what the setting is for other than 'determines the actions of the connection engine', which is self-evident.

    So, why is the default setting off and what happens when we turn it on?
     
  2. quizknows

    quizknows Well-Known Member

    Turning on SecConnEngine simply enables the option to use SecConn[Read|Write]StateLimit settings. These can be used as slowloris mitigation so one IP cannot eat up all your available Apache threads. The example below would limit any IPs other than localhost to 50 connections per IP.

    Example Usage: SecConnReadStateLimit 50 "!@ipMatch 127.0.0.1"

    So basically if you had the above rule, but SecConnEngine was off, the above rule would not be processed. Same if you set a rule for SecConnWriteStateLimit.
     
    linux4me2 and cPanelMichael like this.
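
Added example, not part of the thread and not cPanel's or ModSecurity's own code: a small Python check for the situation described in the post above, where a SecConn[Read|Write]StateLimit line exists but SecConnEngine is off, so the limit is never processed. The function name and sample config are constructed for illustration; a missing SecConnEngine line is assumed to mean off (the WHM default described in this thread), and the last SecConnEngine line is assumed to be the effective one.

```python
import re

# The three directives discussed in the thread (Apache directive names are case-insensitive).
DIRECTIVE = re.compile(
    r'^\s*(SecConnEngine|SecConnReadStateLimit|SecConnWriteStateLimit)\s+(.*?)\s*$',
    re.IGNORECASE)

# Constructed sample config, not taken from a real server.
SAMPLE_ENGINE_OFF = '''\
SecRuleEngine On
SecConnEngine Off
SecConnReadStateLimit 50 "!@ipMatch 127.0.0.1"
'''
SAMPLE_ENGINE_ON = SAMPLE_ENGINE_OFF.replace("SecConnEngine Off", "SecConnEngine On")

def audit_conn_engine(config_text):
    """Return (engine_state, limits, findings) for one block of ModSecurity config.

    Assumptions: a missing SecConnEngine line means "off" (the WHM default
    described in the thread), and the last SecConnEngine line is the effective one.
    """
    engine, limits = "off", []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue  # commented-out directives have no effect
        match = DIRECTIVE.match(raw)
        if not match:
            continue
        name, args = match.group(1), match.group(2)
        if name.lower() == "secconnengine":
            engine = args.split()[0].lower() if args else "off"
        else:
            limits.append((line_no, name, args))
    findings = []
    if engine == "off":
        # The case from the thread: the limit is written down but never processed.
        findings = [f"line {n}: {d} {a} is not processed while SecConnEngine is off"
                    for n, d, a in limits]
    elif not limits:
        findings.append("SecConnEngine is enabled but no state limit is configured")
    return engine, limits, findings

if __name__ == "__main__":
    for label, text in (("engine off", SAMPLE_ENGINE_OFF), ("engine on", SAMPLE_ENGINE_ON)):
        state, _, problems = audit_conn_engine(text)
        print(label, "->", state, problems or "no findings")
```

The check reads one block of text at a time and does not follow Include lines or backslash line continuations, so run it over each ModSecurity config file that carries these directives.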
  3. jndawson

    jndawson Well-Known Member

    Yes, and that's not answering the question of why the default is off.
     
  4. quizknows

    quizknows Well-Known Member

    I would guess the default is off because most rule sets don't include read/write state limits by default. Generally you only turn those on if you're under attack.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello @jndawson,

    Internal case CPANEL-4767 is open to improve the SecConnEngine description in "WHM >> ModSecurity Configuration". I don't have a specific time frame to offer for the publication of any changes to the description, but I'll monitor the case and update this thread with more information as it becomes available.

    Additionally, here's a quote from the case about the purpose of this option:

    Thank you.
     
  6. jndawson

    jndawson Well-Known Member

    That's great - thanks.

    Why is the default set to off?
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    There are no SecConnRead or WriteStateLimit values configured by default so the SecConnEngine option isn't needed.

    Thank you.
     
    linux4me2 and quizknows like this.
  8. jndawson

    jndawson Well-Known Member

    Thanks!
     