Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Some Mod_security rules not present in last release. Why?

Discussion in 'Security' started by Kent Brockman, Feb 27, 2012.

  1. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,181
    Likes Received:
    7
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi there people. I just wanted to point out something that grab my attention today.
    I'm studying the different mechanisms that mod_security allow to protect the server against malware, bots and hackers, and lurking the different installation folders inside the system, I discovered that the files with advanced configurations and extra, optional, filters, was present in the EasyApache src folder for mod_sec v2.5.13, but the installed version seems to be the 2.6.3. The weird thing is that 2.6.3 HAVE NOT these filter files in its place.

    Code:
    [11:02:34][~]# locate modsecurity_crs
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/modsecurity_crs_10_config.conf.example
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/modsecurity_crs_48_local_exceptions.conf.example
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_20_protocol_violations.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_21_protocol_anomalies.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_23_request_limits.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_30_http_policy.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_35_bad_robots.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_40_generic_attacks.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_41_sql_injection_attacks.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_41_xss_attacks.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_42_tight_security.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_45_trojans.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_47_common_exceptions.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_49_inbound_blocking.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_50_outbound.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_59_outbound_blocking.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_crs_60_correlation.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_40_experimental.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_41_phpids_converter.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_41_phpids_filters.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_42_comment_spam.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_43_csrf_protection.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_46_et_sql_injection.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_46_et_web_rules.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_49_header_tagging.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_55_application_defects.conf
    /home/cpeasyapache/src/modsecurity-apache_2.5.13/rules/optional_rules/modsecurity_crs_55_marketing.conf
    
    I wanted to know if I'm missing something, or if cPanel is missing something.

    Although the Reference Manual in /home/cpeasyapache/src/modsecurity-apache_2.6.3/doc/Reference_Manual.html indicates that the content applies for 2.5.13 and 2.6.3.
    Why aren't rules present in the 2.6.3 installation? Or are those 2.5.13 files taken in account anyway by the currently installed mod_security version? I'd like some clarification please, to better understand what rules are needed to be configured.

    Thanks.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,181
    Likes Received:
    7
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    I know. What since cPanel allows to install it via Easy Apache, they shall know at less the way Easy Apache is configuring a making the install. My main concern is to learn from cPanel why are there the rules conf files that belong to the old 2.5.13 mod_security and why the last version (2.6.3) have not.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice