The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Some Mod_security rules not present in last release. Why?

Discussion in 'Security' started by Kent Brockman, Feb 27, 2012.

  1. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi there people. I just wanted to point out something that grab my attention today.
    I'm studying the different mechanisms that mod_security allow to protect the server against malware, bots and hackers, and lurking the different installation folders inside the system, I discovered that the files with advanced configurations and extra, optional, filters, was present in the EasyApache src folder for mod_sec v2.5.13, but the installed version seems to be the 2.6.3. The weird thing is that 2.6.3 HAVE NOT these filter files in its place.

    Code:
    [11:02:34][~]# locate modsecurity_crs
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/modsecurity_crs_10_config.conf.example
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/modsecurity_crs_48_local_exceptions.conf.example
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_20_protocol_violations.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_21_protocol_anomalies.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_23_request_limits.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_30_http_policy.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_35_bad_robots.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_40_generic_attacks.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_41_sql_injection_attacks.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_41_xss_attacks.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_42_tight_security.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_45_trojans.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_47_common_exceptions.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_49_inbound_blocking.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_50_outbound.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_59_outbound_blocking.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_60_correlation.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_40_experimental.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_41_phpids_converter.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_41_phpids_filters.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_42_comment_spam.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_43_csrf_protection.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_46_et_sql_injection.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_46_et_web_rules.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_49_header_tagging.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_55_application_defects.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_55_marketing.conf
    
    I wanted to know if I'm missing something, or if cPanel is missing something.

    Although the Reference Manual in /home/cpeasyapache/src/modsecurity-apache_2.6.3/doc/Reference_Manual.html indicates that the content applies for 2.5.13 and 2.6.3.
    Why aren't rules present in the 2.6.3 installation? Or are those 2.5.13 files taken in account anyway by the currently installed mod_security version? I'd like some clarification please, to better understand what rules are needed to be configured.

    Thanks.
     
  2. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    462
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
  3. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    I know. What since cPanel allows to install it via Easy Apache, they shall know at less the way Easy Apache is configuring a making the install. My main concern is to learn from cPanel why are there the rules conf files that belong to the old 2.5.13 mod_security and why the last version (2.6.3) have not.
     
Loading...

Share This Page